eprintid: 2752 rev_number: 8 eprint_status: archive userid: 274 dir: disk0/00/00/27/52 datestamp: 2017-12-11 09:41:34 lastmod: 2017-12-11 09:41:34 status_changed: 2017-12-11 09:41:34 type: conference_item metadata_visibility: show creators_name: Kieu, Minh Viet creators_name: Nguyen, Dai Tho creators_name: Nguyen, Thanh Thuy creators_id: 15028023@vnu.edu.vn creators_id: nguyendaitho@vnu.edu.vn creators_id: nguyenthanhthuy@vnu.edu.vn corp_creators: University of Engineering and Technology, Vietnam National University, Hanoi title: Using CPR Metric to Detect and Filter Low-Rate DDoS Flows ispublished: pub subjects: IT divisions: fac_fit abstract: TCP-targeted low-rate distributed denial-of-service (LDDoS) attacks pose a serious challenge to the reliability and security of the Internet. Among various proposed solutions, we are particularly interested in the Congestion Participation Rate (CPR) metric and the CPR-based approach. Through a simulation study, we show that the existing algorithm cannot simultaneously achieve high TCP throughput while under attack and good fairness performance for new legitimate TCP flows in normal times. We then propose a new version of the CPR-based approach to overcome the tradeoff. Simulation results show that it preserves TCP throughput while under attack fairly well, yet maintains fairness for new TCP flows in normal times. date: 2017-12-07 date_type: published official_url: http://soict.org/ contact_email: nguyendaitho@vnu.edu.vn full_text_status: public pres_type: paper event_title: The Eighth International Symposium on Information and Communication Technology (SoICT 2017) event_location: Nha Trang, Vietnam event_dates: December 7-8, 2017 event_type: conference refereed: TRUE referencetext: [1] 2005. NS-2 simulator. http://www.isi.edu/nsnam/ns/. (2005). [2] 2011. AQM&DoS simulation platform. https://sites.google.com/site/cwzhangres/ home/posts/aqmdossimulationplatform/. (2011). [3] B. Braden, D. Clark, and many others. 1998. Recommendations on queue management and congestion avoidance in the Internet. RFC 2309. [4] S. Floyd and V. Jacobson. 1993. Random early detection gateways for congestion avoidance. IEEE/ACM Transactions on Networking 1, 4 (1993), 397–413. [5] V. Jacobson and M. Karels. 1988. Congestion avoidance and control. ACM Computer Comm. Review 18, 4 (1988), 314–329. [6] A. Kuzmanovic and E. Knightly. 2003. Low-rate TCP-targeted denial of service attacks (The shrew vs. the mice and elephants). In Proceedings of ACMSIGCOMM. [7] V. Paxson and M. Allman. 1999. On estimating end-to-end network path properties. In Proceedings of ACM SIGCOMM. [8] V. Paxson, M. Allman, J. Chu, and M. Sargent. 2011. Computing TCP’s retransmission timer. RFC 6298. [9] G. Yang, M. Gerla, and M. Sanadidi. 2004. Defense against low-rate TCP-targeted denial-of-service attacks. In IEEE Symposium on Computers and Communications. [10] C. Zhang, Z. Cai, W. Chen, X. Luo, and J. Yin. 2012. Flow level detection and filtering of low-rate DDoS. Elsevier Computer Networks (2012). [11] C. Zhang, J. Yin, Z. Cai, and W. Chen. 2010. RRED: Robust RED algorithm to counter low-rate denial-of-service attacks. IEEE Communications Letters 14, 5 (2010). citation: Kieu, Minh Viet and Nguyen, Dai Tho and Nguyen, Thanh Thuy (2017) Using CPR Metric to Detect and Filter Low-Rate DDoS Flows. In: The Eighth International Symposium on Information and Communication Technology (SoICT 2017), December 7-8, 2017, Nha Trang, Vietnam. document_url: https://eprints.uet.vnu.edu.vn/eprints/id/eprint/2752/1/paper%2040.pdf