Title :
Performance Estimation of TCP under SYN Flood Attacks
Author :
Nakashima, Takuo ; Sueyoshi, Toshinori
Author_Institution :
Dept. of Inf. Sci., Kyushu Tokai Univ., Kumamoto
Abstract :
The SYN flood attack is a DoS (denial of service) method affecting hosts to retain the half-open state and causing to exhaust its memory resources. This attack is hardly filtered by the router in such a case that the source IP address is spoofed. In this paper, we present the performance estimation of TCP under SYN flood attacks and propose a detective method at an early stage. We implement an attacking program and observe response packets from the server on different OS´s. Our performance estimation explores the metric to detect a condition caused by SYN flood attacks. Firstly, the observation of response packets leads to find the most sensitive metric and its threshold. Secondly, the packet loss rate is adopted as the metric to identify whether the server is attacked or not. Finally, we detect the slight variations of response packet if the value exceeds the pre-determined threshold value, then the detective host sends the RST packet to release the half-open state on TCP
Keywords :
Internet; performance evaluation; security of data; transport protocols; DoS attack; SYN flood attacks; TCP; denial of service attack; performance estimation; Computer crime; Floods; Information filtering; Information filters; Internet; Network servers; Protocols; State estimation; TCPIP; Web server;
Conference_Titel :
Complex, Intelligent and Software Intensive Systems, 2007. CISIS 2007. First International Conference on
Conference_Location :
Vienna
Print_ISBN :
0-7695-2823-6
DOI :
10.1109/CISIS.2007.48
