Shrew Attack on Internet Congestion Control Protocol in Control Engineering
Low-rate Denial of Service(LDoS) attacks with their hidden,high efficiency features can significantly degrade service performance of large number of connection-oriented services,or even worse,thoroughly deny the services.Shrew attack is a typical LDoS attack.Firstly we studied the basic mechanism of the attack and congestion control.The source of adaptive congestion control mechanism in the security vulnerability was revealed according to the different levels of the intrinsic link between Internet congestion control at TCP layer and IP layer.Secondly,using the Network simulator NS2 software package,we set up attack model to simulate a large number of attack experiments with various congestion control mechanism and algorithms.Finally we draw the conclusions that continuous Shrew attack makes services nearly crash,while congestion control algorithms taking into account of fairness,such as Stochastic Fairness Queuing (SFQ) and Deficit Round Robin (DRR),can effectively suppress such kind of attack.
Helen Zhang, David Jin and X.J. Zhao
J. H. Ma and L. X. Ji, "Shrew Attack on Internet Congestion Control Protocol in Control Engineering", Advanced Materials Research, Vol. 648, pp. 277-280, 2013