Research On LDDoS Flows Synchronization And Aggregation Based On Cross-correlation

Nowadays, DDoS(Distributed Denial of Service) attack is one of the most serious threats to Internet. Through large number of controled computers, DDoS attack sends lots of useless data packets to consume the Internet bandwidth and server resource. In this way, the server resource can not be used by the legitimate user, that's why we call it denial of service.LDDoS(Low-rate Distributed Denial of Service) attack is a new class of DDoS, which exploits TCP's congestion control mechanism. Low-rate DDoS attacks is essentially a periodic short burst which forces all affected TCP flows to enter the Retransmission timeout or Fast Recovery state. so it can reduce the throughput of the attacked TCP flows. Because of its low-rate and concealment characteristics, it is a hard problem for detecting LDDoS attack in network security.The paper focuses on the method of LDDoS flow in time synchronization and flow aggregation. It includes several sections. First, the analysis of the attack principle and method of DDoS, LDoS(Low-Rate Denial of Service) and LDDoS have conducted. In order to understand and master the principle and characteristics of the attack, simulation method is used to test the attack effect of DDoS, LDoS and LDDoS, and also by comparing and analyzing the simulation results, the specific influence to a TCP connection of LDDoS is revealed. Second, the paper put forward the method about the LDDoS attack flow synchronization and convergence based on cross-correlation. The LDDoS attacker distributes in everywhere of the network, however, there is no strict timing relationships to make each attack terminal reach the target in time, thus cannot form strength attack flow. According to the characteristics of the LDDoS attack scattered, the factors that influence the LDDoS attack effect are studied, and the cross-correlation is put in use to enhance the attack effect at the target, as the attack flow distributes in everywhere of the network. Finally, some simulations on the LDDoS attack flow synchronization and aggregation have carried out to verify the synchronization and aggregation effect under different attack period T and Round Trip Time.Experiments dedicate that the proposed algorithm can greatly improve the aggregate effect of the attack flow, thus make the LDDoS attack effect much enhancement.