SYN flooding attack detection by TCP handshake anomalies

Bellaïche, Martine; Grégoire, Jean-Charles

doi:10.1002/sec.365

Cited by 9 publications

(5 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are many research works on TCP SYN flood attacks such as [11], [12], [13], however very few research works on TCP FIN flood attacks. Yoon et al [14] discuss defense against general TCP Flooding Attack including the TCP FIN attacks.…”

Section: Related Workmentioning

confidence: 99%

TCP FIN Flood Attack Pattern Recognition on Internet of Things with Rule Based Signature Analysis

et al. 2019

View full text Add to dashboard Cite

<p class="0abstract">Focus of this research is TCP FIN flood attack pattern recognition in Internet of Things (IoT) network using rule based signature analysis method. Dataset is taken based on three scenario normal, attack and normal-attack. The process of identification and recognition of TCP FIN flood attack pattern is done based on observation and analysis of packet attribute from raw data (pcap) using a feature extraction and feature selection method. Further testing was conducted using snort as an IDS. The results of the confusion matrix detection rate evaluation against the snort as IDS show the average percentage of the precision level.</p>

show abstract

Section: Related Workmentioning

confidence: 99%

TCP FIN Flood Attack Pattern Recognition on Internet of Things with Rule Based Signature Analysis

et al. 2019

View full text Add to dashboard Cite

show abstract

“…Basically, we can detect TCP SYN flooding in a node by checking the number of current half-opened TCP connection. Even though, there are many enhanced ways presented to detect TCP SYN attacks [4,8], finding out the effective detection scheme is out of focus of this paper 3) . Although a compromised node by TCP SYN flooding cannot allow TCP connection requests from others, it can broadcasts TCP SYN flooding warning messages to the neighboring nodes using other communication methods.…”

Section: Fig 4 Example Scenariomentioning

confidence: 99%

Dynamic Dependability Level Switching Strategies by Utilizing Threat Predictions

Lim¹

2017

Journal of the Korea Industrial Information Systems Research

View full text Add to dashboard Cite

“…We divide this range into four intervals assigned to each of the risk classes: low, medium, high, and critical. Once again, we chose decomposing into equivalent intervals: [0, 3] for low class, [4,7] for medium class, [8,11] for high class, and [12,14] is assigned to the critical class. In Table 4, we present two scenarios of risk classification: likelihood being more important than impact, and conversely.…”

Section: Risk Classificationmentioning

confidence: 99%

“…A TCP SYN flood is an attack on the transport layer. In a network, connection sessions are initiated between a client and a server by exchanging special SYN–ACK segments.…”

Section: Introductionmentioning

confidence: 99%

Security novel risk assessment framework based on reversible metrics: a case study of DDoS attacks on an E‐commerce web server

Karoui¹

2016

Int J Network Mgmt

View full text Add to dashboard Cite

Summary Network security management is a complex and costly task. This is due to the diversity and the large number of assets to protect from potential threats. It is difficult for enterprises to ensure complete security of their information technology resources. They need to give priority to critical and vulnerable assets. Thus, for each asset, they assess the risks associated with various threats. Then, depending on risk level, they can decide which asset needs a particular security treatment. In this paper, we propose a novel risk assessment framework based on a set of reversible metrics. It is based on new metrics for the likelihood and impact parameters. These metrics have as a primary objective to solve the problem of weighting the risk factors that lead to different risk values. The proposed metrics are classified and aggregated to provide a unique risk metric. We are using a new bitwise method for aggregating called ‘bit alternation’. This method ensures the reversibility of the likelihood and impact metrics. It has many advantages: unifying metrics, diagnosing the cause of high risks, comparing the values of the risk calculated with different weighting strategies, exchanging standard risk values, etc. To illustrate our method, we have applied it to assess risks of some distributed denial of service attacks for an e‐commerce enterprise that wants to see the level of security of its retail web server. To demonstrate the effectiveness of our results, we have compared them with those obtained by the weighted average method. Copyright © 2016 John Wiley & Sons, Ltd.

show abstract

SYN flooding attack detection by TCP handshake anomalies

Cited by 9 publications

References 21 publications

TCP FIN Flood Attack Pattern Recognition on Internet of Things with Rule Based Signature Analysis

TCP FIN Flood Attack Pattern Recognition on Internet of Things with Rule Based Signature Analysis

Dynamic Dependability Level Switching Strategies by Utilizing Threat Predictions

Security novel risk assessment framework based on reversible metrics: a case study of DDoS attacks on an E‐commerce web server

Contact Info

Product

Resources

About