Detecting SYN Flooding Agents under Any Type of IP Spoofing

Nashat, Dalia; Jiang, Xiaohong; Horiguchi, Susumu

doi:10.1109/icebe.2008.18

Cited by 16 publications

(11 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Divakaran et al (2016) proposed an approach to detect SYN flooding based on the linear prediction analysis using the difference of outgoing SYN and incoming SYN/ACK segments [6]. Nashat et al (2008) developed an approach for detecting TCP SYN flooding attacks by using SYN and SYN/ACK segments with packets header information [7]. In this approach, the Counting Bloom filter (CBF) has been used to classify all incoming SYN/ACK segments, and then CUSUM chart has been applied to make a final decision [7].…”

Section: Introductionmentioning

confidence: 99%

Detecting SYN flood attacks via statistical monitoring charts: A comparative study

Bouyeddou

Harrou

Sun

et al. 2017

2017 5th International Conference on Electrical Engineering - Boumerdes (ICEE-B)

View full text Add to dashboard Cite

Section: Introductionmentioning

confidence: 99%

Detecting SYN flood attacks via statistical monitoring charts: A comparative study

Bouyeddou

Harrou

Sun

et al. 2017

2017 5th International Conference on Electrical Engineering - Boumerdes (ICEE-B)

View full text Add to dashboard Cite

“…The authors of Ref. [7] proposed a scheme to detect the flooding agents by considering all the possible kinds of IP spoofing, which is based on the SYN/SYN-ACK protocol pair with the consideration of packet header information. The Counting Bloom Filter is used to classify all the incoming SYN-ACK packets to the sub network into two streams, and the CUSUM algorithm is applied to make the detection decision by the two normalized differences, one of which is the difference between the number of SYN packets and the number of the first SYN-ACK packets and the other one is the difference between the number of the firs SYN-ACK packets and the number of the retransmission SYN-ACK.…”

Section: Introductionmentioning

confidence: 99%

ARM-CPD: Detecting SYN flooding attack by traffic prediction

Sun

Wang

Yan

et al. 2009

2009 2nd IEEE International Conference on Broadband Network &Amp; Multimedia Technology

View full text Add to dashboard Cite

This paper proposed an ARM-CPD scheme that is a simple but fast and effective approach to detect SYN flooding attacks. Instead of managing all real time ongoing traffic on the network, ARM-CPD only monitors the SYN packet and use it to predict the SYN packet in the near future to detect the SYN flooding attacks. To get the prediction SYN traffic, the Autoregressive Integrated Moving Average Model (ARIMA) is proposed; and to make the detection method insensitive to site and access pattern, a non-parametric Cumulative Sum (CUSUM) algorithm is applied. The trace-driven simulations demonstrate that ARM-CPD can shorten the detection time of SYN flooding attack effectively.

show abstract

“…Moreover, this traceback can be performed by "post mortem" after an attack has completed. Dalia et al [5] proposed a scheme to detect the flooding agents by considering all the possible kinds of IP spoofing. The proposed scheme is based on the TCP SYN-SYN/ACK protocol pair with the consideration of packet header information.…”

Section: Related Workmentioning

confidence: 99%

Performance Analysis of ACO-based IP Traceback

Anand¹,

Sivachandar²

2012

IJCA

View full text Add to dashboard Cite

The Internet has experienced a tremendous expansion in its size and complexity since its commercialization. Internet hosts are threatened by large-scale Distributed Denial-ofService (DDoS) attacks in the network. DDoS attacks typically rely on compromising a large number of hosts to generate traffic to a single destination node. Thus the severity of DDoS attacks will likely increase to the possible extend, as greater numbers of poorly secured hosts are connected to high-bandwidth Internet connections. To detect and coordinate DDoS attacks in the network usually an Intrusion Detection System (IDS) is used but, this method consumes most of the resources and thereby degrades the network performance. Moreover, the memory-less feature of the routing mechanism makes the operation hard to traceback the source of the DDoS attacks. This paper analyzed the performance of an Ant Colony Optimization (ACO)-based IP traceback method to identify the origin of the attack in the network. The ACO-based IP traceback approach uses flow level information to identify the origin of a DDoS attack. The ACO-based IP traceback method is implemented using NS-2 simulation on various network scenarios consisting of 8 nodes, 10 nodes, and 14 nodes. The results of the experimental and simulation studies demonstrate the effectiveness and efficiency of the proposed system.

show abstract

Detecting SYN Flooding Agents under Any Type of IP Spoofing

Cited by 16 publications

References 12 publications

Detecting SYN flood attacks via statistical monitoring charts: A comparative study

Detecting SYN flood attacks via statistical monitoring charts: A comparative study

ARM-CPD: Detecting SYN flooding attack by traffic prediction

Performance Analysis of ACO-based IP Traceback

Contact Info

Product

Resources

About