Summary: 546 IEEE COMMUNICATIONS LETTERS, VOL. 13, NO. 7, JULY 2009
Is It Congestion or a DDoS Attack?
Amey Shevtekar and Nirwan Ansari, Fellow, IEEE
Abstract--We propose a new stealthy DDoS attack model
referred to as the "quiet" attack. The attack traffic consists
of TCP traffic only. Widely used botnets in today's various
attacks and newly introduced network feedback control are
integral part of the quiet attack model. We show that short-
lived TCP flows can be intentionally misused. The quiet attack
is detrimental to the Internet traffic and at the same time difficult
to be detected by using current defense systems. We demonstrate
the inability of representative defense schemes such as adaptive
queue management and aggregate congestion control to detect
the quiet attack.
Index Terms--DDoS, router, and TCP.
INTERNET has become an integral part of various com-
mercial activities like online banking, online shopping, etc.
Denial-of-Service (DoS) attacks are becoming a major threat
to the Internet infrastructure integrity. These days, attackers