DocumentCode :
2609765
Title :
ARM-CPD: Detecting SYN flooding attack by traffic prediction
Author :
Qibo, Sun ; Shangguang, Wang ; Danfeng, Yan ; Fangchun, Yang
Author_Institution :
State Key Lab. of Networking & Switching Technol., Beijing Univ. of Posts & Telecommun., Beijing, China
fYear :
2009
fDate :
18-20 Oct. 2009
Firstpage :
443
Lastpage :
447
Abstract :
This paper proposes ARM-CPD, a simple but fast and effective scheme for detecting SYN flooding attacks. Instead of managing all real-time ongoing traffic on the network, ARM-CPD monitors only SYN packets and uses them to predict SYN traffic in the near future in order to detect SYN flooding attacks. To obtain the predicted SYN traffic, the autoregressive integrated moving average (ARIMA) model is proposed; and to make the detection method insensitive to site and access pattern, a non-parametric cumulative sum (CUSUM) algorithm is applied. Trace-driven simulations demonstrate that ARM-CPD can effectively shorten the detection time of SYN flooding attacks.
Keywords :
autoregressive moving average processes; security of data; telecommunication traffic; ARM-CPD; SYN flooding attack detection; SYN traffic prediction; autoregressive integrated moving average model; denial of service attacks; nonparametric cumulative sum algorithm; trace-driven simulations; Computational modeling; Computer crime; Floods; Internet; Laboratories; Predictive models; Sun; Telecommunication switching; Telecommunication traffic; Traffic control; ARIMA; CUSUM; DoS; TCP SYN flooding;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Broadband Network & Multimedia Technology, 2009. IC-BNMT '09. 2nd IEEE International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4244-4590-5
Electronic_ISBN :
978-1-4244-4591-2
Type :
conf
DOI :
10.1109/ICBNMT.2009.5348532
Filename :
5348532