Is low-rate distributed denial of service a great threat to the Internet?

Low-rate Distributed Denial of Service (LDDoS) attacks, in which the attackers send packets to a victim at a sufficiently low rate to avoid being detected, are considered to be a subtype of DDoS attacks and a potential threat to Internet security. However, an overwhelming attack paradigm on the Internet has rarely been reported due to the harsh requirements for launching LDDoS attacks; therefore, most existing LDDoS attacks are constructed and evaluated through theoretical deduction and/or simulation tests. In this backdrop, the authors aim to figure out what the conditions for launching a successful LDDoS attack are, and how harmful an attack could be. They first analyse the characteristics of LDDoS attacks, and derive the conditions and parameters for initiating LDDoS attacks using a queuing model. Based on the analysis results, an LDDoS algorithm is presented. Then, an LDDoS validation prototype is built on a Network Function Virtualization network to validate the derived parameters and conditions. Finally, a series of experiments are conducted on the testbed, and the results show that a successful LDDoS attack could be achieved based on the derived algorithm; however, its attack effect only lasts for a short time compared with its DDoS counterparts.