
Computer Engineering (计算机工程) 2009, Vol. 35, Issue 13: 122-124. doi: 10.3969/j.issn.1000-3428.2009.13.042

• Security Technology •


Low-rate TCP-targeted DDoS Analysis and Defense Policy

WANG Hao1,2   

  1. School of Information Technology, Jiangnan University, Wuxi 214000, China; 2. Department of Information and Art, Wuxi Broadcast and Television University, Wuxi 214011, China
  • Online: 2009-07-05  Published: 2009-07-05

Abstract: A low-rate TCP-targeted Distributed Denial of Service (DDoS) attack sends short, high-rate bursts of packets instead of a sustained flood. Because its average rate is low, the traffic passes through multi-level router filtering and intrusion detection systems that key on volume. The attack exploits an innate weakness of TCP's congestion control: the retransmission timeout (RTO) is a deterministic value (its minimum is the same across implementations), so an attacker who repeats the bursts with a period equal to the RTO is synchronized with the victim's retransmissions. Each burst fills the bottleneck queue and forces the victim flows into timeout, and the next burst arrives exactly when they retry, so throughput collapses as under a conventional flooding DDoS while the attack stays very hard to detect. No good countermeasure is currently available. Through a series of simulation experiments, this paper shows that randomizing the RTO, so that the attacker can no longer predict when retransmissions will be sent, effectively reduces the impact of low-rate TCP-targeted DDoS.

Key words: low-rate Distributed Denial of Service (DDoS), slow start algorithm, retransmission timeout (RTO), randomized retransmission timeout
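The synchronization the abstract describes, and the effect of randomizing the RTO, as an added example that is not the paper's simulator or its data: a toy discrete-time model in Python of one TCP flow under periodic bursts. The burst length, burst period, base RTO, jitter range and the simplified loss-and-timeout model are all assumptions of this example. It runs the same flow against the same attacker with a fixed RTO and with a randomized RTO, and also with the attacker's period mistuned, to show that the attack depends on matching the RTO.

```python
"""Toy discrete-time model of a low-rate TCP-targeted DoS (periodic bursts
tuned to the victim's RTO) against one TCP flow, with a fixed and with a
randomized RTO.  The model is a deliberate simplification assumed for this
example, not the paper's simulator:

- time advances in 1 ms ticks; an active flow delivers one packet per tick,
  so throughput is reported as a fraction of the attack-free rate;
- the attacker sends a burst of BURST_MS every period_ms; every victim packet
  sent inside a burst is dropped (the burst fills the bottleneck queue);
- a drop throws the flow into timeout: it stays idle for one RTO and then
  sends one retransmission.  If that is dropped too, the RTO doubles
  (exponential backoff); if it gets through, backoff resets and the flow
  resumes at full rate.
"""
import random

BURST_MS = 100        # burst length, enough to fill the bottleneck queue (assumed)
BASE_RTO_MS = 1000    # victim's minimum RTO: the deterministic value the attacker tunes to
MAX_BACKOFF = 6       # cap on exponential backoff so a run cannot wait forever


def in_burst(t: int, period_ms: int) -> bool:
    """True if tick t falls inside one of the attacker's periodic bursts."""
    return (t % period_ms) < BURST_MS


def fixed_rto(backoff: int, rng: random.Random) -> int:
    """Standard RTO with exponential backoff: 1 s, 2 s, 4 s, ... fully predictable."""
    return BASE_RTO_MS << min(backoff, MAX_BACKOFF)


def randomized_rto(backoff: int, rng: random.Random, jitter_ms: int = 500) -> int:
    """Same backoff plus a uniform random delay below jitter_ms, so the attacker
    cannot predict the retransmission instant.  The jitter range is assumed."""
    return fixed_rto(backoff, rng) + rng.randrange(jitter_ms)


def simulate(rto_fn, period_ms: int = 1000, duration_ms: int = 60_000,
             attack: bool = True, seed: int = 1) -> float:
    """Run one flow for duration_ms under a burst attack of the given period
    and return delivered packets / ticks (1.0 means no loss at all)."""
    rng = random.Random(seed)
    delivered = 0
    backoff = 0
    t = 0
    while t < duration_ms:
        if attack and in_burst(t, period_ms):
            # Packet dropped: idle for one RTO, then the next iteration sends
            # the retransmission at the new t (and may be hit again).
            t += rto_fn(backoff, rng)
            backoff += 1
        else:
            delivered += 1
            backoff = 0
            t += 1
    return delivered / duration_ms


if __name__ == "__main__":
    print(f"no attack, fixed RTO:               {simulate(fixed_rto, attack=False):.2f}")
    print(f"attack period 1000 ms, fixed RTO:   {simulate(fixed_rto, 1000):.2f}")
    print(f"attack period 1700 ms, fixed RTO:   {simulate(fixed_rto, 1700):.2f}")
    for seed in range(3):
        r = simulate(randomized_rto, 1000, seed=seed)
        print(f"attack period 1000 ms, random RTO (seed {seed}): {r:.2f}")
```

With the period equal to the base RTO and a fixed RTO, every retransmission (at 1 s, 3 s, 7 s, ... after the first loss) lands inside a burst and the flow delivers nothing for the whole run, while the attacker is sending only 10% of the time. Mistuning the period (1700 ms) breaks the synchronization and the same fixed-RTO flow gets about 40% of its rate back, which is why the attack is tied to the RTO being predictable. Randomizing the RTO restores a comparable fraction under the tuned attack, but it is a mitigation rather than a cure: throughput does not return to 1.0, every genuine timeout now waits longer, and an attacker can widen the bursts to cover part of the jitter range, at the cost of a higher average rate that is easier for routers and IDS to filter.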
