Detecting TCP ACK storm attack: a state transition modelling approach. Issue 6 (1st November 2018)
- Record Type:
- Journal Article
- Title:
- Detecting TCP ACK storm attack: a state transition modelling approach. Issue 6 (1st November 2018)
- Main Title:
- Detecting TCP ACK storm attack: a state transition modelling approach
- Authors:
- Hubballi, Neminath
Santini, Jonathan - Abstract:
- Abstract : Ack‐storm DoS attacks are injection attacks against an active Transmission Control Protocol (TCP) connection. These attacks can be generated by a very weak adversary and can generate amplification factor of orders of magnitude by exploiting a weakness in the TCP protocol specification. This attack requires sending two packets by the adversary with acknowledgement number greater than the sequence number used in each direction and the two end hosts will attempt to re‐synchronise the sequence numbers by sending duplicate acknowledgement and enter a loop. In this study, the authors propose a state transition model based detection scheme to detect these DoS attacks. This state transition machine called constrained counting automata ( CCA ) has the ability to count the number of times a state has been revisited and its transitions are constrained by invariant conditions to be satisfied. They model the chances of receiving a packet with acknowledgement number greater than the sequence number used by its peer as a probability distribution and use it to set appropriate value of threshold on revisits of a state for detecting attack. By experimenting within a local network and in Internet, they show that CCA can detect Ack‐storm DoS attacks .
- Is Part Of:
- IET networks. Volume 7:Issue 6(2018)
- Journal:
- IET networks
- Issue:
- Volume 7:Issue 6(2018)
- Issue Display:
- Volume 7, Issue 6 (2018)
- Year:
- 2018
- Volume:
- 7
- Issue:
- 6
- Issue Sort Value:
- 2018-0007-0006-0000
- Page Start:
- 429
- Page End:
- 434
- Publication Date:
- 2018-11-01
- Subjects:
- transport protocols -- probability -- Internet -- computer network security
TCP protocol specification -- weak adversary -- active Transmission Control Protocol connection -- injection attacks -- TCP ACK storm attack -- ack‐storm DoS attacks -- detecting attack -- acknowledgement number -- state transition machine -- state transition model -- sequence number
Computer network architectures -- Periodicals
Computer network protocols -- Periodicals
Information networks -- Periodicals
Telecommunication systems -- Periodicals
004.605 - Journal URLs:
- http://digital-library.theiet.org/IET-NET ↗
http://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6072580 ↗
https://ietresearch.onlinelibrary.wiley.com/journal/20474962 ↗
http://ieeexplore.ieee.org/Xplore/home.jsp ↗ - DOI:
- 10.1049/iet-net.2018.5003 ↗
- Languages:
- English
- ISSNs:
- 2047-4954
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 4363.252870
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 16484.xml