Research On The Reduction-Of-Quality Attacks And Its Countermeasures

Denial of service(DoS) attack presents a considerable security threat to the Internet. Research on the countermeasure of DoS attack is a hot, yet difficult topic.Reduction of Quality(RoQ) attack is an atypical DoS attack, which can decrease or inhibit normal TCP flows in networks. Because it has a strong concealment, most traditional methods of detection are no longer applicable, and it is more difficult to defense. Therefore, research on RoQ attack and its countermeasures is significant and indispensable. My main research contents and contributions are as follows:First of all, I analyze and classify the present research about RoQ attack and its detection methods. In three stages of the research: study on characteristics of attack,attack detection in stubnetwork and attack defense from the whole network, the dissertation proposes three typical problems, and to expand the relevant research respectively.In accordance with basic principles of attack, I design an attack model and use it to estimate attack effect with quantitative and qualitative analysis. In this way, the dissertation also explores the security vulnerabilities of TCP. Furthmore, I analyze and identify two typical attack characteristics, abrupt change and periodicity.Based on the principle of Time-Frequency analysis, I propose a novel method of detection, which takes advantage of Wavelet multi-resolution and Cepstral analysis technique, to extract the potential attack characteristics of abrupt change and periodicity.Moreover, the dissertation can also extract flow period features with any structure by utilizing secondary spectrum analysis. In other words, the dissertation can deal with a more complex RoQ attacks. Results of simulations and real network experiments demonstrate that our algorithm can detect RoQ attacks accurately, with very low false positive rate and false negative rate.Based on analyzing and modeling with network traffic from a backbone link, I propose a novel method named MIL-RoQ, which can monitor, identify and locate the RoQ attacks from the network-wide. This is the first method which can locate and identify the attack from the perspective of network-wide. Results of experimentsdemonstrate that our method is reliable and effective. Moreover, my algorithm can significantly reduce the time complexity.