An Analysis Of Impact Of End-to-end Delay On Low-rate TCP-Targeted DoS Attack In The Internet

Network security is threatened by LDoS (Low-rate Denial-of-Service) attacksappearing in recent years. Due to their low-rate characteristics, it is hard to detectthem using current intrusion detection systems. They bring great pressure to networksecurity management and may impact network QoS (Quality of Service) significantly.Network status may undergo continuous variation and it remains an open issueon the impact of dynamical network conditions on the effects of LDoS attacks. In thispaper, we study the impact of end-to-end delay on low-rate TCP-targeted DoS attacksin the Internet. Firstly, we use the PING program to measure end-to-end delays ofsome destinations and analyze the delays using statistical methods. We also analyzethe relationship between end-to-end delays and the number of hops.Secondly, we conduct LDoS experiments in the Internet. We collect LDoS flowdata under dynamical network conditions and analyze the pattern of the flows. Tostudy the effects of end-to-end delays on the pattern of LDoS flows, we propose aconcept of wave similarity. The computational results based on the concept haveshown that the received LDoS flows may be distorted greatly even though the flowsare sent in regular patterns at the sender side. The wave similarity is greatlyinfluenced by the sending rate. Such phenomena are prominent when the sending rateexceeds a threshold value and the duration of attack pulse is affected mostly.At last, we study the effects of end-to-end delays on LDoS flows throughsimulation as it is hard to control end-to-end delays in the experiments in the Internet.We design and implement a simulation system for this purpose. By imposing differentdelays in a LDoS attack scenario, we simulate the effects of LDoS attacks using theNS-2simulator. The simulation results have shown that different end-to-end delayswill impact the syncharonization of multiple LDoS flows, leading to the weakening ofeffects of LDoS attacks.The work of the paper provides a base for further study of LDoS attacks and willbe helpful for the design of effective LDoS detection methods.