ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development, 2015, Vol. 52, Issue (4): 813-822. doi: 10.7544/issn1000-1239.2015.20148347

Special Issue: 2015 Big-Data-Driven Network Science


MIL-RoQ: Monitoring, Identifying and Locating the RoQ Attack in Backbone Network

Wen Kun(1,2), Yang Jiahai(1,2), Cheng Fengjuan(3), Yin Hui(3), Wang Jianfeng(1,2)

  • 1(Institute for the Network Sciences and Cyberspace, Tsinghua University, Beijing 100084); 2(Tsinghua National Laboratory for Information Science and Technology (Tsinghua University), Beijing 100084); 3(College of Information Science and Engineering, Henan University of Technology, Zhengzhou 450001)
  • Online: 2015-04-01

Abstract: The reduction of quality (RoQ) attack is an atypical denial of service (DoS) attack that exploits the vulnerability of TCP’s adaptive behavior and can seriously reduce or inhibit the throughput of TCP flows. While most defensive methods have been studied on a single network access link (router), a RoQ attack can be launched not only on a single network link but also against several links or even the entire network, which causes more severe consequences. To obtain a global view of the network and identify the attack, this paper proposes a traffic anomaly analysis method, based on principal component analysis (PCA) and spectrum analysis techniques, to monitor, identify and locate RoQ attacks in a backbone network. Experimental results demonstrate that our method can analyze and find anomalies in the traffic from several downstream links in the backbone network, and can also locate and identify RoQ attacks accurately. Meanwhile, our method can significantly reduce computation and complexity, as it only needs to analyze local traffic data for the anomalous links.

Key words: network security, anomaly detection, reduction of quality (RoQ) attack, principal component analysis (PCA), spectrum analysis
