Applying Sigmoid Filter for Detecting the Low-Rate Denial of Service Attacks
Title | Applying Sigmoid Filter for Detecting the Low-Rate Denial of Service Attacks |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Rabie, R., Drissi, M. |
Conference Name | 2018 IEEE 8th Annual Computing and Communication Workshop and Conference (CCWC) |
Date Published | Jan. 2018 |
Publisher | IEEE |
ISBN Number | 978-1-5386-4649-6 |
Keywords | attacker traffic, Bandwidth, Computer crime, computer network security, denial of service (dos), distributed DoS, filtering theory, high rate attacks, honey pots, honey-pot server, human factors, low-rate bandwidth, low-rate denial of service attack detection, low-rate DoS attack detection, MATLAB, network efficiency, NS-3 Simulation, NS3 simulation, Probabilistic logic, pubcrawl, re-transition timeout mechanism, resilience, Resiliency, Routing protocols, Scalability, Servers, sigmoid filter optimization, TCP congestion control window algorithm, TCP packet size, telecommunication congestion control, telecommunication traffic, threshold bandwidth filter, transport protocols |
Abstract | This paper focuses on optimizing the sigmoid filter for detecting Low-Rate DoS attacks. Though the sigmoid filter could help in detecting the attacker, it could severely affect network efficiency. Unlike high-rate attacks, Low-Rate DoS attacks such as "Shrew" and "New Shrew" are hard to detect. Attackers choose a malicious low-rate bandwidth to exploit TCP's congestion control window algorithm and the re-transition timeout mechanism. We simulated the attacker traffic by editing using NS3. The Sigmoid filter was used to create a threshold bandwidth filter at the router that allowed a specific bandwidth, so when traffic that exceeded the threshold occurred, it would be dropped, or it would be redirected to a honey-pot server instead. We simulated the Sigmoid filter using MATLAB and took the attacker's and legitimate user's traffic generated by NS-3 as the input for the Sigmoid filter in MATLAB. We ran the experiment three times with different threshold values correlated to the TCP packet size. We found the probability to detect the attacker traffic as follows: the first was 25%, the second 50% and the third 60%. However, we observed a drop in legitimate user traffic with the following probabilities, respectively: 75%, 50%, and 85%. |
URL | https://ieeexplore.ieee.org/document/8301654 |
DOI | 10.1109/CCWC.2018.8301654 |
Citation Key | rabie_applying_2018 |