Analysis and Detection of a Denial-of-Service Attack Scenario generated by TCP Receivers to Edge Network
IR@C-MMACS: CSIR-Centre for Mathematical Modelling and Computer Simulation, Bangalore
| Field | Value |
|---|---|
| Title | Analysis and Detection of a Denial-of-Service Attack Scenario generated by TCP Receivers to Edge Network |
| Creator | V, Anil Kumar |
| Subject | Computer Networks |
| Description | The success of the end-to-end congestion control in TCP mainly depends on the co-operation and volunteer participation of the end systems in the congestion control process. The steady growth of malicious activities such as Denial-of-Service attacks (DoS) on the Internet reveals that the Internet no longer remains as a network of only trusted entities. The focus of this paper is on the analysis and detection of a special type of flood-based DoS attack scenario, where an internal TCP server in a network is compelled to generate high volume traffic to flood its own network. We show that an attacker, by exploiting the vulnerabilities of TCP congestion control algorithms to duplicate and optimistic acknowledgement spoofing, can successfully turn a TCP server to a flood source without compromising the server. We study the potential negative impact of the attack on an edge network, which connects an organisational LAN to the Internet using a router with FIFO queue management. Our simulation results show that such an attack is highly disastrous and powerful enough to virtually detach the targeted network from the Internet. We extend our work by presenting a simple but effective method for detecting the attack by passively monitoring the inbound and outbound traffic of the targeted network. The detection is achieved by differentiating malicious stream of duplicate and optimistic acknowledgments from normal acknowledgments. The proposed detection technique fits well into the framework of an intrusion detection system, which can operate independently without any kind of co-operation from the end points. |
| Publisher | ADCOM-2004 |
| Date | 2004 |
| Type | Book |
| Type | PeerReviewed |
| Format | application/pdf |
| Identifier | http://cir.cmmacs.ernet.in/164/1/adcom%2Dcamera%2Dready4.pdf |
| Identifier | V, Anil Kumar (2004) Analysis and Detection of a Denial-of-Service Attack Scenario generated by TCP Receivers to Edge Network. 12th International Conference on Advanced Computing and Communication, ADCOM-2004. ADCOM-2004, Ahmedabad, India. |
| Relation | http://cir.cmmacs.ernet.in/164/ |