Low-rate TCP-targeted denial of service attacks and counter strategies

Aleksandar Kuzmanovic*, Edward W. Knightly

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

137 Scopus citations


Denial of Service attacks are presenting an increasing threat to the global inter-networking infrastructure. While TCP's congestion control algorithm is highly robust to diverse network conditions, its implicit assumption of end-system cooperation results in a well-known vulnerability to attack by high-rate non-responsive flows. In this paper, we investigate a class of low-rate denial of service attacks which, unlike high-rate attacks, are difficult for routers and counter-DoS mechanisms to detect. Using a combination of analytical modeling, simulations, and Internet experiments, we show that maliciously chosen low-rate DoS traffic patterns that exploit TCP's retransmission timeout mechanism can throttle TCP flows to a small fraction of their ideal rate while eluding detection. Moreover, as such attacks exploit protocol homogeneity, we study fundamental limits of the ability of a class of randomized timeout mechanisms to thwart such low-rate DoS attacks.

Original languageEnglish (US)
Pages (from-to)683-696
Number of pages14
JournalIEEE/ACM Transactions on Networking
Issue number4
StatePublished - Aug 1 2006


  • Denial of service
  • Retransmission timeout
  • TCP

ASJC Scopus subject areas

  • Software
  • Computer Science Applications
  • Computer Networks and Communications
  • Electrical and Electronic Engineering

Fingerprint Dive into the research topics of 'Low-rate TCP-targeted denial of service attacks and counter strategies'. Together they form a unique fingerprint.

Cite this