Shrew Attack on Internet Congestion Control Protocol in Control Engineering


Article Preview

Low-rate Denial of Service(LDoS) attacks with their hidden,high efficiency features can significantly degrade service performance of large number of connection-oriented services,or even worse,thoroughly deny the services.Shrew attack is a typical LDoS attack.Firstly we studied the basic mechanism of the attack and congestion control.The source of adaptive congestion control mechanism in the security vulnerability was revealed according to the different levels of the intrinsic link between Internet congestion control at TCP layer and IP layer.Secondly,using the Network simulator NS2 software package,we set up attack model to simulate a large number of attack experiments with various congestion control mechanism and algorithms.Finally we draw the conclusions that continuous Shrew attack makes services nearly crash,while congestion control algorithms taking into account of fairness,such as Stochastic Fairness Queuing (SFQ) and Deficit Round Robin (DRR),can effectively suppress such kind of attack.



Edited by:

Helen Zhang, David Jin and X.J. Zhao




J. H. Ma and L. X. Ji, "Shrew Attack on Internet Congestion Control Protocol in Control Engineering", Advanced Materials Research, Vol. 648, pp. 277-280, 2013

Online since:

January 2013




[1] Kuzmanovic A, Knightly EW. Low-rate TCP-targeted denialofserviceattacks: the shrew vs. the mice and elephants[A]. SIGCOMM 2003[C]. Karlsruhe, 2003. 75-86.


[2] Petros E. Practical Study of a Defense Against Low-RateTCP-Targeted DoSAttack[A]. Internet Technology and SecuredTransactions (ICITST'09) [C]. London, 2009. 1-6.

[3] Zhang Bin, Yang Jia-Hai, Wu Jian-Ping. Survey and Analysis on the Internet Traffic Model[J]. Journal of Software, 2011, 22(1): 115-131.


[4] PanR, PrabhakarB, PsounisK. CHOKe-A Stateless Active Queue Management Scheme for Approximating Fair Bandwidth Allocation[A]. IEEE INFOCOM[C], 2000, 942-951.