Title :
D-SAT: detecting SYN flooding attack by two-stage statistical approach
Author :
Shin, Seung-Won ; Kim, Ki-Young ; Jang, Jong-Soo
Author_Institution :
Electron. & Telecommun. Res. Inst., Taejeon, South Korea
fDate :
31 Jan.-4 Feb. 2005
Abstract :
We propose D-SAT (detecting SYN flooding attack by two-stage statistical approach) system that is simple and robust approach to detect SYN flooding attacks by observing network traffic. Instead of managing all ongoing traffic on the network, D-SAT only monitors SYN count and ratio between SYN and other TCP packets at first time. And it detects SYN flooding and finds victims more accurately in its second stage. To make the detection mechanism robustly and easily, D-SAT uses CUSUM (cumulative sum) approach in SPC (statistical process control) (H. Wang et al., 2002) (D.C. Montgomery, 2001) (D.M. Hawkins et al., 1998). It makes the detection mechanism much more generally applicable and easier to implement. D-SAT also employed AFM (aggregation flow management) for finding victims quickly and accurately. The trace-driven simulation results demonstrate that D-SAT system is efficient and simple to implement and prove that it detects SYN flooding accurately and finds attack in a very short detection time.
Keywords :
Internet; authorisation; statistical process control; telecommunication congestion control; telecommunication security; telecommunication traffic; transport protocols; D-SAT system; SYN flooding attack detection; TCP packets; aggregation flow management; cumulative sum; network traffic; statistical approach; statistical process control; Electronic mail; Floods; Network servers; Process control; Protection; Robust control; Robustness; Telecommunication traffic; Web and internet services; Web server;
Conference_Titel :
Applications and the Internet, 2005. Proceedings. The 2005 Symposium on
Print_ISBN :
0-7695-2262-9
DOI :
10.1109/SAINT.2005.18
