MIL-RoQ: Monitoring, Identifying and Locating the RoQ Attack in Backbone Network

Reduction of quality (RoQ) attack is an atypical denial of service (DoS) attack, which exploits the vulnerability of TCP’s adaptive behavior that can seriously reduce or inhibit the throughput of TCP flows. While most of the defensive methods are studied on the single network access link (router), the RoQ attack can not only launch on the single network link, but also attack towards several links or even entire network, which causes more severe consequences. In order to obtain a global perspective from the network and identify the attack, in this paper we propose a traffic anomaly analysis method to monitor, identify and locate the RoQ attack in backbone network on the basis of principal component analysis (PCA) and spectrum analysis techniques. Experimental results demonstrate that our method can analyze and find anomalies in the traffic from several downstream links in backbone network, and also locate and identify the RoQ attacks accurately. Meanwhile, our method can significantly reduce the computation and complexity as it only needs to analyze local traffic data about anomalous links.