TY - GEN
T1 - Intrusion detection system for identification of throughput degradation attack on TCP
AU - Bhandari, Ashish
AU - Agarwal, Mayank
AU - Biswas, Santosh
AU - Nandi, Sukumar
N1 - Publisher Copyright:
© 2016 IEEE.
PY - 2016/9/6
Y1 - 2016/9/6
AB - Improving Transmission Control Protocol (TCP) robustness and evaluation of its performance under attacks such as Denial-of-Service, Degradation-of-Service etc. has always been an area of active research. In this paper, we analyze a variant of degradation of service attacks against TCP that makes use of forged duplicate acknowledgments in order to degrade the throughput of an on-going connection. The receipt of three (forged) duplicate acknowledgments is an indicator towards the presence of congestion on the route between the server and client. To cope with the congestion, the server reduces the congestion window, resulting in throughput reduction. As the semantics of the attack remain the same under normal and attack conditions, signature- and anomaly-based Intrusion Detection Systems (IDS) fail to detect the throughput degradation attack. We also propose an active IDS in order to detect the attack. An active IDS is capable of injecting packets into the network in order to create a difference between normal and attack scenarios. The simulation experiments are carried out to check the validity of the proposed detection scheme. The proposed scheme is lightweight and can be easily deployed on existing systems.
UR - http://www.scopus.com/inward/record.url?scp=84988841595&partnerID=8YFLogxK
U2 - 10.1109/NCC.2016.7561150
DO - 10.1109/NCC.2016.7561150
M3 - Conference contribution
AN - SCOPUS:84988841595
T3 - 2016 22nd National Conference on Communication, NCC 2016
BT - 2016 22nd National Conference on Communication, NCC 2016
PB - Institute of Electrical and Electronics Engineers
T2 - 22nd National Conference on Communication, NCC 2016
Y2 - 4 March 2016 through 6 March 2016
ER -