
Research On Low-Rate TCP Targeted Denial Of Service Attack And Counter Strategy

Posted on: 2011-10-26
Degree: Master
Type: Thesis
Country: China
Candidate: R W Bo
GTID: 2178330338978248
Subject: Computer application technology

Abstract/Summary:
The 21st century is the age of information. Information has become the most important resource for the development of countries all over the world, and the information security field will be an arena of international competition. In 2001, a new type of DoS attack was detected on the Internet2 Abilene backbone network. Because its average rate is very low, it was named the low-rate Denial of Service (DoS) attack. Low-rate denial of service attacks exploit the TCP congestion control mechanism: by periodically sending pulses of data, they force TCP into a repeated "retransmission - recovery" process. Because the TCP retransmission mechanism is inefficient, network performance is minimized. The attack sends data only on certain timescales and "keeps silent" the rest of the time, so the average attack rate is very low. While the attack is under way, the attack flow is very similar to the flow of a normal user, which makes it hard to detect. Combining the destructive power of conventional DoS with concealment, the low-rate denial of service attack has become another threat to network security.

In this paper, we study the basic principle of the low-rate denial of service attack and a counter strategy against it. The main work is as follows:

(1) The paper describes the background and significance of the study of low-rate denial of service attacks and analyzes their basic principle.
(2) We classified low-rate denial of service attacks according to the attack target and the synchronization of the attack, and analyzed each attack type in detail.
(3) We analyzed the basic principles of the shrew attack, after introducing the principle of TCP retransmission timeout.
(4) The shrew attack was simulated on the NS2 simulation platform. We then studied the relation between attack efficiency and the attack cycle, pulse duration and pulse intensity, and concluded that the best attack performance is reached by configuring these parameters reasonably.
(5) We proposed a randomized minRTO defense method and modeled it in the NS2 simulation. We then studied how cwnd changes when the counter strategy is in effect. The experiment achieved good results.
(6) We analyzed both the advantages and the disadvantages of the randomized minRTO defense method and gave a plan for future work.
Keywords/Search Tags: DoS, TCP, NS2, retransmission timeout, RTO