Thwarting ICMP low-rate attacks against firewalls while minimizing legitimate traffic loss

Author First name, Last name, Institution

Kadhim Hayawi, Zayed University
Zouheir Trabelsi, United Arab Emirates University
Safaa Zeidan, United Arab Emirates University
Mohammad Mehedy Masud, United Arab Emirates University

ORCID Identifiers

0000-0001-8686-8975

0000-0002-4298-6483

Document Type

Article

Source of Publication

IEEE Access

Publication Date

1-1-2020

Abstract

© 2013 IEEE. Low-rate distributed denial of service (LDDoS) attacks pose more challenging threats that disrupt network security devices and services. Such type of attacks is difficult to detect and mitigate. In LDDoS attacks, attacker uses low-volume of malicious traffic that looks alike legitimate traffic. Thus, it can enter the network in silence without any notice. However, it may have severe effect on disrupting network services, depleting system resources, and degrading network speed to a point considering them as one of the most damaging attack types. There are many types of LDDoS such as application server and ICMP error messages based LDDoS. This paper is solely concerned with the ICMP error messages based LDDoS. The paper proposes a mechanism to mitigate low-rate ICMP error message attacks targeting security devices, such as firewalls. The mechanism is based on triggering a rejection rule to defend against corresponding detected attack as early as possible, in order to preserve firewall resources. The rejection rule has certain adaptive activity time, during which the rule continues to reject related low-rate attack packets. This activity time is dynamically predicted for the next rule activation period according to current and previous attack severity and statistical parameters. However, the rule activity time needs to be stabilized in a manner in order to prevent any additional overhead to the system as well as to prevent incremental loss of corresponding legitimate packets. Experimental results demonstrate that the proposed mechanism can efficiently defend against incremental evasion cycle of low-rate attacks, and monitor rejection rule activity duration to minimize legitimate traffic loss.

DOI Link

10.1109/access.2020.2987479

ISSN

2169-3536

Publisher

Institute of Electrical and Electronics Engineers Inc.

Volume

8

First Page

78029

Last Page

78043

Disciplines

Computer Sciences

Keywords

attack probabilistic modeling, BlackNurse attack, Low-rate attacks, session table, Stateful firewall

Scopus ID

85084845720

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Recommended Citation

Hayawi, Kadhim; Trabelsi, Zouheir; Zeidan, Safaa; and Masud, Mohammad Mehedy, "Thwarting ICMP low-rate attacks against firewalls while minimizing legitimate traffic loss" (2020). All Works. 3655.
https://zuscholars.zu.ac.ae/works/3655

Indexed in Scopus

yes

Open Access

yes

Open Access Type

Gold: This publication is openly available in an open access journal/series