AccFlow: Defending Against the Low-Rate TCP DoS Attack in Wireless Sensor Networks
share
Because of the open nature of the Wireless Sensor Networks (WSN), the Denial of the Service (DoS) becomes one of the most serious threats to the stability of the resourceconstrained sensor nodes. In this paper, we develop AccFlow which is an incrementally deployable Software-Defined Networking based protocol that is able to serve as a countermeasure against the low-rate TCP DoS attack. The main idea of AccFlow is to make the attacking flows accountable for the congestion by dropping their packets according to their loss rates. The larger their loss rates, the more aggressively AccFlow drops their packets. Through extensive simulations, we demonstrate that AccFlow can effectively defend against the low-rate TCP DoS attack even if attackers vary their strategies by attacking at different scales and data rates. Furthermore, while AccFlow is designed to solve the low-rate TCP DoS attack, we demonstrate that AccFlow can also effectively defend against general DoS attacks which do not rely on the TCP retransmission timeout mechanism but cause denial of service to legitimate users by consistently exhausting the network resources. Finally, we consider the scalability of AccFlow and its deployment in real networks.
READ FULL TEXT
