An Active Detecting Method Against SYN Flooding Attack
- 15 November 2005
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- Vol. 1, pp. 709-715
- https://doi.org/10.1109/icpads.2005.67
Abstract
SYN flooding attacks are a common type of distributed denial-of-service (DDoS) attack. Early detection is desirable, but traditional passive detection methods are inaccurate in the early stages because they rely on passively sniffing an attack signature. The method presented in this paper captures attack signatures using an active probing scheme that ensures efficient early detection. The active probing scheme, DARB, obtains the delay of routers by sending packets with special time-to-live (TTL) values set in the IP headers. The results of the probe are used to perform SYN flooding detection, which is reliable and incurs little overhead. This approach is more independent than other methods that require cooperation from network devices. Experiments show that this delay-probing approach distinguishes half-open connections caused by SYN flooding attacks from those arising from other causes accurately and at an early stage.
This publication has 15 references indexed in Scilit.