Distributed Denial-of-Service (DDoS) is a big threat to the availability of Internet-based services today. Low rate DDoS attacks, especially pulsing attacks, aim to degrade the Quality of Service experienced by users by using only a small amount of attack traffic, unlike conventional volume-based DDoS attacks. To improve the effectiveness and stealthiness, these pulsing attacks assume that the attack packet is concentrated on the server in a very short time (a few milliseconds) using state-of-the-art synchronization techniques. However, even with the most advanced technology in the real world, it is almost impossible to achieve this tight level of synchronization, which means the effectiveness of the pulsing attack can be overestimated based on the exceeded assumption. In this paper, we use the Very Short Intermittent DDoS attack (VSI-DDoS) as an example to measure the practical effectiveness of a pulsing attack in a realistic environment. We found that VSI-DDoSbecame substantially less effective. That is, it lost 85.7% in terms of effectiveness under about 90ms synchronization inaccuracy, which is a very small inaccuracy under normal network conditions.
- Low-rate DDos
- Time synchronization