DocumentCode :
2517477
Title :
A Detective Method for SYN Flood Attacks
Author :
Nakashima, Takuo ; Oshima, Shunsuke
Author_Institution :
Dept. of Inf. Sci., Kyushu Tokai Univ., Kumamoto
Volume :
1
fYear :
2006
fDate :
Aug. 30 2006-Sept. 1 2006
Firstpage :
48
Lastpage :
51
Abstract :
DoS (Denial of Service) attacks are easily performed by utilizing the weakness of the network protocol. It should be noted that the firewall host can hardly filter SYN flood attacks, and the spoofed IP address keeps the position of the attacker from being traced. Early detection of these SYN flood attacks, as well as a mechanism for escaping from the half-open state on TCP, is required. In this paper, we present a detective method for SYN flood attacks at an early stage. We implemented a program to send the SYN packet and collect the SYN+ACK response packet from the server. Our method first builds a standard model generated from observations of the activity of the server. Second, we detect slight fluctuations in the packet response rate and the average response delay. Finally, the RST packet is sent to the server, on which the half-open state on TCP is released.
Keywords :
IP networks; Internet; authorisation; computer network management; file servers; packet switching; telecommunication security; telecommunication traffic; transport protocols; Denial of Service attack; DoS; SYN flood attack detection method; TCP; firewall host; network protocol; packet response rate; spoofed IP address; Computer crime; Delay; Electronic mail; Floods; Fluctuations; Information science; Network servers; Protocols; TCPIP; Web server; Attack; Detective Method; DoS; SYN Flood;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Innovative Computing, Information and Control, 2006. ICICIC '06. First International Conference on
Conference_Location :
Beijing
Print_ISBN :
0-7695-2616-0
Type :
conf
DOI :
10.1109/ICICIC.2006.3
Filename :
1691738