Application of stochastic discrete event system framework for detection of induced low rate TCP attack

•Induced low rate TCP attack is recently developed and causes denial of service.•Induced low rate TCP attack is difficult to detect using signature matching schemes.•Proposed detection scheme uses failure diagnosis of stochastic discrete event systems.•Results show high attack detection rate and minimal impact of the attack.

TCP is the most widely accepted transport layer protocol. The major emphasis during the development of TCP was its functionality and efficiency. However, not much consideration was given on studying the possibility of attackers exploiting the protocol, which has lead to several attacks on TCP. This paper deals with the induced low rate TCP attack. Since the attack is relatively new, only a few schemes have been proposed to mitigate it. However, the main issues with these schemes are scalability, change in TCP header, lack of formal frameworks, etc. In this paper, we have adapted the stochastic DES framework for detecting the attack, which addresses most of these issues. We have successfully deployed and tested the proposed DES based IDS on a test bed.