Increasing communications security through protocol parameter diversity

Pulsing attacks use carefully synchronized high-rate low-duration bursts of traffic that are injected into a network to induce denial-of-service. These attacks are effective because the bursts force protocols into low-performance states. The synchronization relies on the fact that most computers run protocols with identical parameter values. The use of diverse parameter value could make the attacks much less likely to succeed. This paper describes how parameters in TCP protocol implementations can be automatically diversified, introduces several evaluation metrics, and assesses the efficacy of this defense using Kuzmanovic’s shrew pulsing attack. The experiments show that in a diversified environment under attack, some hosts can obtain near normal throughput, while average network throughput is improved for most (but not all) attack scenarios. Heterogeneity of parameter values among hosts is key to the defense.