{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,2]],"date-time":"2026-01-02T07:43:42Z","timestamp":1767339822757,"version":"build-2065373602"},"reference-count":25,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2024,4,19]],"date-time":"2024-04-19T00:00:00Z","timestamp":1713484800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"Low-rate Denial of Service (LDoS) attacks are today considered one of the biggest threats against modern data centers and industrial infrastructures. Unlike traditional Distributed Denial of Service (DDoS) attacks that are mainly volumetric, LDoS attacks exhibit a very small network footprint, and therefore can easily elude standard detection and defense mechanisms. This work introduces a defense strategy that may prove particularly effective against attacks that are based on long-lived connections, an inherent trait of LDoS attacks. Our approach is based on iteratively partitioning the active connections of a victim server across a number of replica servers, and then re-evaluating the health status of each replica instance. At its core, this approach relies on live migration and containerization technologies. The main advantage of the proposed approach is that it can discover and isolate malicious connections with virtually no information about the type and characteristics of the performed attack. Additionally, while the defense takes place, there is little to no indication of the fact to the attacker. We assess various rudimentary schemes to quantify the scalability of our approach. The results from the simulations indicate that it is possible to save the vast majority of the benign connections (80%) in less than 5 min.<\/jats:p>","DOI":"10.3390\/fi16040137","type":"journal-article","created":{"date-parts":[[2024,4,19]],"date-time":"2024-04-19T06:28:09Z","timestamp":1713508089000},"page":"137","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["From Seek-and-Destroy to Split-and-Destroy: Connection Partitioning as an Effective Tool against Low-Rate DoS Attacks"],"prefix":"10.3390","volume":"16","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4492-5104","authenticated-orcid":false,"given":"Vyron","family":"Kampourakis","sequence":"first","affiliation":[{"name":"Department of Information Security and Communication Technology, Norwegian University of Science and Technology, 2802 Gj\u00f8vik, Norway"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1280-6568","authenticated-orcid":false,"given":"Georgios Michail","family":"Makrakis","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Idaho, Idaho Falls, ID 83402, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3020-291X","authenticated-orcid":false,"given":"Constantinos","family":"Kolias","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Idaho, Idaho Falls, ID 83402, USA"}]}],"member":"1968","published-online":{"date-parts":[[2024,4,19]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"43920","DOI":"10.1109\/ACCESS.2020.2976609","article-title":"Low-rate DoS attacks, detection, defense, and challenges: A survey","volume":"8","author":"Zhijun","year":"2020","journal-title":"IEEE Access"},{"doi-asserted-by":"crossref","unstructured":"Yan, Y., Tang, D., Zhan, S., Dai, R., Chen, J., and Zhu, N. (2019, January 10\u201312). Low-rate dos attack detection based on improved logistic regression. Proceedings of the 2019 IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and Systems (HPCC\/SmartCity\/DSS), Zhangjiajie, China.","key":"ref_2","DOI":"10.1109\/HPCC\/SmartCity\/DSS.2019.00076"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"347","DOI":"10.1016\/j.future.2019.12.034","article-title":"MF-Adaboost: LDoS attack detection based on multi-features and improved Adaboost","volume":"106","author":"Tang","year":"2020","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"504","DOI":"10.1016\/j.dcan.2020.04.002","article-title":"The detection method of low-rate DoS attack based on multi-feature fusion","volume":"6","author":"Liu","year":"2020","journal-title":"Digit. Commun. Netw."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"1705","DOI":"10.1007\/s11036-019-01506-1","article-title":"MF-CNN: A new approach for LDoS attack detection based on multi-feature fusion and CNN","volume":"26","author":"Tang","year":"2021","journal-title":"Mob. Netw. Appl."},{"unstructured":"Delio, M. (2024, April 06). New Breed of Attack Zombies Lurk. Available online: https:\/\/www.wired.com\/2001\/05\/new-breed-of-attack-zombies-lurk\/.","key":"ref_6"},{"unstructured":"Zhu, Q., Yizhi, Z., and Chuiyi, X. (2011, January 13\u201316). Research and survey of low-rate denial of service attacks. Proceedings of the 13th International Conference on Advanced Communication Technology (ICACT2011), Gangwon-Do, Republic of Korea.","key":"ref_7"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"507","DOI":"10.1016\/j.future.2019.10.009","article-title":"Model-based evaluation of combinations of shuffle and diversity MTD techniques on the cloud","volume":"111","author":"Alavizadeh","year":"2020","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"6","DOI":"10.1145\/3305218.3305222","article-title":"A modeling approach to classifying malicious cloud users via shuffling","volume":"46","author":"Yang","year":"2019","journal-title":"ACM Sigmetrics Perform. Eval. Rev."},{"doi-asserted-by":"crossref","unstructured":"Hong, J.B., Yoon, S., Lim, H., and Kim, D.S. (2017, January 26\u201329). Optimal network reconfiguration for software defined networks using shuffle-based online MTD. Proceedings of the 2017 IEEE 36th Symposium on Reliable Distributed Systems (SRDS), Hong Kong.","key":"ref_10","DOI":"10.1109\/SRDS.2017.32"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"104","DOI":"10.1109\/MC.2016.85","article-title":"On the Move: Evading Distributed Denial-of-Service Attacks","volume":"49","author":"Stavrou","year":"2016","journal-title":"Computer"},{"doi-asserted-by":"crossref","unstructured":"Jia, Q., Wang, H., Fleck, D., Li, F., Stavrou, A., and Powell, W. (2014, January 23\u201326). Catch Me If You Can: A Cloud-Enabled DDoS Defense. Proceedings of the 2014 44th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks, Atlanta, GA, USA.","key":"ref_12","DOI":"10.1109\/DSN.2014.35"},{"doi-asserted-by":"crossref","unstructured":"Bicakci, M.V., and Kunz, T. (2012, January 27\u201331). TCP-Freeze: Beneficial for virtual machine live migration with IP address change?. Proceedings of the 2012 8th International Wireless Communications and Mobile Computing Conference (IWCMC), Limassol, Cyprus.","key":"ref_13","DOI":"10.1109\/IWCMC.2012.6314191"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"11152","DOI":"10.1109\/ACCESS.2019.2891115","article-title":"Online User Distribution-Aware Virtual Machine Re-Deployment and Live Migration in SDN-Based Data Centers","volume":"7","author":"Qin","year":"2019","journal-title":"IEEE Access"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"1568","DOI":"10.1109\/TNET.2014.2343945","article-title":"CloudNet: Dynamic pooling of cloud resources by live WAN migration of virtual machines","volume":"23","author":"Wood","year":"2014","journal-title":"IEEE\/ACM Trans. Netw."},{"doi-asserted-by":"crossref","unstructured":"Chaufournier, L., Sharma, P., Le, F., Nahum, E., Shenoy, P., and Towsley, D. (2017, January 12\u201314). Fast Transparent Virtual Machine Migration in Distributed Edge Clouds. Proceedings of the Second ACM\/IEEE Symposium on Edge Computing, SEC \u201917, New York, NY, USA.","key":"ref_16","DOI":"10.1145\/3132211.3134445"},{"doi-asserted-by":"crossref","unstructured":"Chen, A., Sriraman, A., Vaidya, T., Zhang, Y., Haeberlen, A., Loo, B.T., Phan, L.T.X., Sherr, M., Shields, C., and Zhou, W. (2016, January 9\u201310). Dispersing Asymmetric DDoS Attacks with SplitStack. Proceedings of the 15th ACM Workshop on Hot Topics in Networks, Atlanta, GA, USA.","key":"ref_17","DOI":"10.1145\/3005745.3005773"},{"doi-asserted-by":"crossref","unstructured":"Bernaschi, M., Casadei, F., and Tassotti, P. (2007, January 7\u20139). SockMi: A solution for migrating TCP\/IP connections. Proceedings of the 15th EUROMICRO International Conference on Parallel, Distributed and Network-Based Processing (PDP\u201907), Napoli, Italy.","key":"ref_18","DOI":"10.1109\/PDP.2007.77"},{"doi-asserted-by":"crossref","unstructured":"Araujo, F., Hamlen, K.W., Biedermann, S., and Katzenbeisser, S. (2014, January 3\u20137). From Patches to Honey-Patches: Lightweight Attacker Misdirection, Deception, and Disinformation. Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA.","key":"ref_19","DOI":"10.1145\/2660267.2660329"},{"doi-asserted-by":"crossref","unstructured":"Bandi, N., Tajbakhsh, H., and Analoui, M. (February, January 30). FastMove: Fast IP switching Moving Target Defense to mitigate DDOS Attacks. Proceedings of the 2021 IEEE Conference on Dependable and Secure Computing (DSC), Aizuwakamatsu, Fukushima, Japan.","key":"ref_20","DOI":"10.1109\/DSC49826.2021.9346278"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"709","DOI":"10.1109\/COMST.2019.2963791","article-title":"Toward proactive, adaptive defense: A survey on moving target defense","volume":"22","author":"Cho","year":"2020","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"76648","DOI":"10.1109\/ACCESS.2022.3191430","article-title":"Detection and mitigation of low-rate denial-of-service attacks: A survey","volume":"10","author":"Rios","year":"2022","journal-title":"IEEE Access"},{"doi-asserted-by":"crossref","unstructured":"Sikora, M., Fujdiak, R., Kuchar, K., Holasova, E., and Misurec, J. (2021). Generator of Slow Denial-of-Service Cyber Attacks. Sensors, 21.","key":"ref_23","DOI":"10.3390\/s21165473"},{"unstructured":"Fielding, R., and Reschke, J. (2024, April 06). Hypertext Transfer Protocol (HTTP\/1.1): Message Syntax and Routing. Available online: https:\/\/datatracker.ietf.org\/doc\/html\/rfc7230.","key":"ref_24"},{"unstructured":"Criu (2024, April 06). Criu. Available online: https:\/\/criu.org\/Main_Page.","key":"ref_25"}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/16\/4\/137\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T14:30:56Z","timestamp":1760106656000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/16\/4\/137"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,4,19]]},"references-count":25,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2024,4]]}},"alternative-id":["fi16040137"],"URL":"https:\/\/doi.org\/10.3390\/fi16040137","relation":{},"ISSN":["1999-5903"],"issn-type":[{"type":"electronic","value":"1999-5903"}],"subject":[],"published":{"date-parts":[[2024,4,19]]}}}