Low-Rate DoS Attacks, Detection, Defense, and Challenges: A Survey

Abstract

Low-rate Denial of service (LDoS) attacks has become one of the biggest threats to the Internet, cloud computing platforms, and big data centers. As an evolutionary species of DDoS attack, LDoS attack is essentially different from the DDoS attack. DDoS attacks are the behavior of malicious blocking legitimate network traffic by destroying the targets and the infrastructure around it with huge network traffic. While, LDoS attacks are the behavior of intentional degrading the quality of TCP links by throttling TCP flows to a small fraction of its ideal rate with periodic small pulse sequence. Hence, LDoS attack has a very small flow (around 10%-20% of the background traffic), it is easy to eluding the detection of routers and counter-DoS mechanisms. We try to reveal the mechanism of the LDoS attack and attempt to figure out the generation principle of LDoS attack in this paper. We classify the LDoS attacks and existing defense methods according to time domain and frequency domain in which detection and defense are performed. Furthermore, we highlight the filter approach to defense against LDoS attack. The initial purpose of our work is to encourage researchers to study effective ways to detect and defend against LDoS attacks with innovation and aggressiveness.