Skip to content


  • Research Article
  • Open Access

Detecting Pulsing Denial-of-Service Attacks with Nondeterministic Attack Intervals

EURASIP Journal on Advances in Signal Processing20092009:256821

  • Received: 14 April 2008
  • Accepted: 21 January 2009
  • Published:


This paper addresses the important problem of detecting pulsing denial of service (PDoS) attacks which send a sequence of attack pulses to reduce TCP throughput. Unlike previous works which focused on a restricted form of attacks, we consider a very broad class of attacks. In particular, our attack model admits any attack interval between two adjacent pulses, whether deterministic or not. It also includes the traditional flooding-based attacks as a limiting case (i.e., zero attack interval). Our main contribution is Vanguard, a new anomaly-based detection scheme for this class of PDoS attacks. The Vanguard detection is based on three traffic anomalies induced by the attacks, and it detects them using a CUSUM algorithm. We have prototyped Vanguard and evaluated it on a testbed. The experiment results show that Vanguard is more effective than the previous methods that are based on other traffic anomalies (after a transformation using wavelet transform, Fourier transform, and autocorrelation) and detection algorithms (e.g., dynamic time warping).


  • Fourier Transform
  • Autocorrelation
  • Quantum Information
  • Detection Algorithm
  • Previous Method

Publisher note

To access the full article, please see PDF.

Authors’ Affiliations

Department of Computing, The Hong Kong Polytechnic University, Hung Hom, Kowloon, SAR, Hong Kong