A mechanism to defend SYN flooding attack based on network measurement system

Author

Xiaofeng, Qiu ; Jihong, Hao ; Ming, Chen

Author_Institution

Dept. of Comput., PLA Univ. of Sci. & Technol., Nanjing, China

fYear

2004

fDate

28 June-1 July 2004

Firstpage

208

Lastpage

212

Abstract

SYN flooding attack is a common method employed in denial of service (DoS) and distributed denial of service (DDoS). It´s hard to maintain the effective defense merely by passive defense measures such as monitoring and filtering. To avoid influencing the legitimate service requests and stop attacks at the source, the attack-detection and service-protection must be combined with the trace of the attack source. Having studied and concluded the features of such attacks, we propose a few key metrics to judge if an attack is undergoing. In this paper, the based platform, network measurement system (NMS) is outlined first. Then the detection method is discussed in detail, focusing on the features of service-protection, attack-elimination, and how to trace back the attack source. Finally, we present the experiments of the defending mechanism and analyze their results.

Keywords

IP networks; security of data; telecommunication security; IP traceback; SYN flooding attack defense; attack detection; attack elimination; attack source trace; distributed denial of service; network measurement system; service protection; Automation; Computer crime; Computer networks; Computerized monitoring; Distributed computing; Floods; Modems; Programmable logic arrays; Security; TCPIP;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Technology: Research and Education, 2004. ITRE 2004. 2nd International Conference on

Print_ISBN

0-7803-8625-6

Type

conf

DOI

10.1109/ITRE.2004.1393677

Filename

1393677