Low-Rate TCP-Targeted Denial of Service Attacks Presenter: Juncao Li Authors: Aleksandar Kuzmanovic Edward W. Knightly.

Computer Science, Portland State University

Contributions
Present a denial of service attack – Shrew
–throttle TCP flows to a small fraction
Show the mechanism of Shrew attacks
–Exploit TCP’s retransmission timeout mechanism
Develop several DoS traffic patterns for attacking

Agenda
TCP Congestion Control and Shrew Attacks
Creating DoS Outages
Aggregation and Heterogeneity
Internet Experiments
Counter-DoS Techniques and Conclusions

Denial of Service
From Wikipedia
–an attempt to make a computer resource unavailable to its intended users
Damage
–Network bandwidth
–CPU cycles
–Server interrupt processing capacity
–Specific protocol data structures

TCP Congestion Control
To avoid or reduce congestion
Small Round Trip Time (RTT), 10ms – 100ms
–Additive-Increase Multiplicative-Decrease (AIMD) control
Severe congestion
–Retransmission Time Out (RTO)
–RTO is doubled on each successive failure

TCP Congestion Control
Smoothed Round-Trip Time (SRTT)
Round-Trip Time Variation (RTTVAR)

TCP Retransmission Timer
Packet loss
–Multiplicative decrease
–Exponential backoff
1.Reduce congestion window to one
2.Double RTO
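The three slides above (SRTT/RTTVAR, the RTO floor, and doubling on timeout) are the timer mechanics the attack relies on. The following added example, which is not code from the presentation or from Kuzmanovic and Knightly, implements the RFC 6298 retransmission timer so the two facts that matter here can be checked numerically: the RTO of a short-RTT flow is pinned at the 1 s minimum that RFC 2988/6298 prescribe, and each successive timeout doubles it. The minimum and maximum RTO values are the RFC's; the RTT samples are constructed.

```python
# Added example (not from the slides or the paper): RFC 6298 retransmission
# timer with the 1 s minimum RTO (RFC 2988/6298) and exponential backoff on
# timeout. Clock granularity G is ignored; all RTT samples are constructed.

K = 4           # RTTVAR multiplier from RFC 6298
MIN_RTO = 1.0   # seconds; RFC 2988/6298 round a smaller RTO up to 1 s
MAX_RTO = 60.0  # seconds; RFC 6298 permits capping the backed-off RTO at >= 60 s


class RetransmissionTimer:
    """Tracks SRTT, RTTVAR and RTO as RFC 6298 section 2 prescribes."""

    def __init__(self):
        self.srtt = None
        self.rttvar = None
        self.rto = MIN_RTO   # before any RTT sample the RFC uses 1 s
        self.backoffs = 0    # consecutive timeouts since the last RTT sample

    def on_rtt_sample(self, r):
        """Fold a measured round-trip time r (seconds) into the estimator."""
        if self.srtt is None:
            # first measurement: SRTT = R, RTTVAR = R/2
            self.srtt = r
            self.rttvar = r / 2
        else:
            # later measurements with alpha = 1/8, beta = 1/4
            self.rttvar = 0.75 * self.rttvar + 0.25 * abs(self.srtt - r)
            self.srtt = 0.875 * self.srtt + 0.125 * r
        # a fresh sample ends the backoff and recomputes RTO from the estimator
        self.backoffs = 0
        self.rto = max(MIN_RTO, self.srtt + K * self.rttvar)
        return self.rto

    def on_timeout(self):
        """Timer expired without an ACK: double RTO (exponential backoff)."""
        self.backoffs += 1
        self.rto = min(MAX_RTO, self.rto * 2)
        return self.rto


def rto_after_losses(rtt_ms, timeouts):
    """RTO in seconds for a flow with a steady RTT after `timeouts` consecutive timeouts."""
    timer = RetransmissionTimer()
    for _ in range(10):                    # warm the estimator with steady samples
        timer.on_rtt_sample(rtt_ms / 1000.0)
    for _ in range(timeouts):
        timer.on_timeout()
    return timer.rto


def rtts_per_min_rto(rtt_ms):
    """How many round trips a flow sits idle while waiting out the minimum RTO."""
    return MIN_RTO / (rtt_ms / 1000.0)


if __name__ == "__main__":
    for rtt in (20, 100, 2000):
        print(f"RTT {rtt:5d} ms: RTO {rto_after_losses(rtt, 0):.3f} s,"
              f" after 3 timeouts {rto_after_losses(rtt, 3):.3f} s,"
              f" idle RTTs per minRTO {rtts_per_min_rto(rtt):.0f}")
```

For a 20 ms RTT the estimator itself would yield an RTO of a few tens of milliseconds, but the floor raises it to 1 s, fifty round trips, which is the "slow timescale" the next slide exploits; only flows whose RTT is on the order of seconds escape the floor.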

Shrew Attacks
Low-rate DoS attacks that exploit the slow-timescale dynamics of retransmission timers
Provoke a TCP flow to repeatedly enter a retransmission timeout state
–Sending high-rate, but short-duration bursts
–The bursts must have RTT-scale duration
–Repeating periodically at slower RTO timescales
Outage: short durations of the attacker’s loss-inducing bursts

Square-Wave DoS Stream
Outage: burst duration is long enough to induce transmission loss
Average DoS rate is still low

DoS Scenario and System Model
(figure: bottleneck rate)

DoS Model
Given condition
DoS TCP Throughput Model

Flow Filtering
Flow Filtering Behavior
–Only TCP flows that satisfy the condition can be influenced by Shrew attacks

DoS TCP Throughput: Model and Simulation
Depending on how well the attack can induce transmission loss
Model does not consider slow-start
Zero throughput


Instantaneous Bottleneck Queue Behavior
Define B as the queue size and B0 as the queue size at the start of an attack
Time to fill the queue:

Minimum Rate DoS Streams
Double-Rate DoS Stream
–Fill the queue
–Keep the queue full
Use square-wave for DoS streams
–Behaves the same
–Simple, does not need knowledge of network parameters


DoS and Aggregated TCP Flows
Five long-lived homogeneous TCP flows
RTT homogeneity introduces a single vulnerable timescale
DoS induces synchronization of the RTOs

RTT-Based Filtering
20 long-lived TCP flows on a 10 MB/s link
Range of round-trip times is 20 to 460 ms
Most short-RTT TCP flows are influenced

High Aggregation with Heterogeneous RTT
High-RTT flows are not influenced much

Impact of DoS Burst Length
As the burst length increases, more TCP flows with high RTT are influenced

Impact of DoS Peak Rate
Low peak rates are sufficient to filter the short-RTT flow
1 TCP flow with RTT: 12ms to 134ms
3 TCP flows with RTT: 108ms to 230ms

Impact on HTTP Flows
Attacks have greater impact on larger files

TCP Variants

TCP Variants (Cont.)
Burst length L has a great influence on the throughput


DoS Attack Scenario
Intra-LAN Scenario
Inter-LAN Scenario
WAN Scenario

Experiment Results
Shrew attacks can come from both remote sites and nearby LANs


Impact of RED and RED-PD Routers
For router-assisted mechanisms: relatively long-timescale measurements are required to determine with confidence that a flow is transmitting at an excessively high rate and should be dropped
RED: Random Early Detection
RED-PD: RED with Preferential Dropping

Detecting DoS Streams

DoS under Randomized RTO
Randomized minRTO shifts and smooths TCP’s null frequencies
It affects TCP performance
Helps defend against the attack, but only a little
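The counter-DoS slides make two points: a router or monitor needs measurements over a fairly long timescale before it can confidently single out a stream, and the stream it is looking for has a low average rate but high, short, periodic bursts. The added example below, which is not code from the presentation or the paper, is a small detector for exactly that shape. It takes a per-interval byte count series for one source, as a link monitor binning traffic at a fixed interval would produce, and flags the series only when the average rate is a small fraction of the peak and the bursts recur at a stable period in the minRTO range. The bin width, thresholds and all three sample series are constructed assumptions for illustration.

```python
# Added example (not from the slides or the paper): detector for low-average-rate
# streams made of short high-rate bursts recurring at an RTO-scale period.
# Input: list of byte counts per fixed time bin for one source. All constants
# and the sample series below are constructed for illustration.
from statistics import median, pstdev

INTERVAL_S = 0.1        # seconds per bin (assumed monitor granularity)
MIN_PERIOD_S = 0.5      # shortest burst period the detector reports
MAX_PERIOD_S = 2.5      # covers a 1 s minRTO and its first doubling
MAX_DUTY_CYCLE = 0.25   # average/peak must stay below this to count as "low rate"
BURST_FRACTION = 0.5    # a bin is "in burst" if it carries >= 50% of the peak bin


def burst_bins(series):
    """Indices of bins whose byte count is within BURST_FRACTION of the peak bin."""
    peak = max(series)
    if peak == 0:
        return []
    return [i for i, b in enumerate(series) if b >= BURST_FRACTION * peak]


def burst_starts(indices):
    """Collapse runs of adjacent burst bins to the index where each run starts."""
    starts, prev = [], None
    for i in indices:
        if prev is None or i != prev + 1:
            starts.append(i)
        prev = i
    return starts


def analyse(series, interval_s=INTERVAL_S):
    """Rate statistics plus the burst period estimated from inter-burst gaps."""
    total_s = len(series) * interval_s
    avg_bps = 8 * sum(series) / total_s
    peak_bps = 8 * max(series) / interval_s
    starts = burst_starts(burst_bins(series))
    gaps = [(b - a) * interval_s for a, b in zip(starts, starts[1:])]
    return {
        "avg_bps": avg_bps,
        "peak_bps": peak_bps,
        "duty_cycle": avg_bps / peak_bps if peak_bps else 0.0,
        "bursts": len(starts),
        "period_s": median(gaps) if gaps else None,
        "period_jitter_s": pstdev(gaps) if len(gaps) > 1 else 0.0,
    }


def is_low_rate_periodic(series, interval_s=INTERVAL_S):
    """True when the series looks like a low-rate, RTO-periodic burst stream."""
    s = analyse(series, interval_s)
    if s["bursts"] < 3 or s["period_s"] is None:
        return False   # a single burst is not evidence of periodicity
    return (
        s["duty_cycle"] <= MAX_DUTY_CYCLE
        and MIN_PERIOD_S <= s["period_s"] <= MAX_PERIOD_S
        and s["period_jitter_s"] <= interval_s   # bursts land on a steady schedule
    )


# Constructed samples: 10 s of 100 ms bins for three different sources.
# One 100 ms bin of 1,250,000 bytes (100 Mb/s peak) every 1 s, otherwise idle.
PERIODIC_BURSTS = [1_250_000 if i % 10 == 0 else 0 for i in range(100)]
# A steady bulk transfer at 10 Mb/s: 125,000 bytes in every bin.
STEADY_BULK = [125_000] * 100
# A web-like source: one short burst, then a trickle (not periodic).
SINGLE_BURST = [1_250_000 if i in (3, 4) else 2_000 for i in range(100)]

if __name__ == "__main__":
    for name, series in (("periodic", PERIODIC_BURSTS), ("bulk", STEADY_BULK),
                         ("single", SINGLE_BURST)):
        s = analyse(series)
        print(f"{name:9s} avg {s['avg_bps']/1e6:6.1f} Mb/s  duty {s['duty_cycle']:.2f}"
              f"  bursts {s['bursts']:2d}  period {s['period_s']}  "
              f"flag={is_low_rate_periodic(series)}")
```

The detector refuses to decide before it has seen at least three bursts, so at a 1 s period it needs a window of two to three seconds of traffic; that is the long-timescale requirement the RED-PD slide states, and it is also why such a stream can slip past a mechanism that judges a flow on a single short measurement. The steady bulk transfer has the higher average rate but a duty cycle of 1 and no burst structure, so a pure rate threshold would rank the two sources the wrong way round.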

Conclusions
Low-rate DoS attacks are successful against both short- and long-lived TCP aggregates
In a heterogeneous-RTT environment, the success of the attack is weighted towards shorter-RTT flows
All low-rate periodic open-loop streams could be harmful
Shrew attacks can only be mitigated, not eliminated; mitigation is a tradeoff against performance

Questions?