DocumentCode
2609765
Title
ARM-CPD: Detecting SYN flooding attack by traffic prediction
Author
Qibo, Sun ; Shangguang, Wang ; Danfeng, Yan ; Fangchun, Yang
Author_Institution
State Key Lab. of Networking & Switching Technol., Beijing Univ. of Posts & Telecommun., Beijing, China
fYear
2009
fDate
18-20 Oct. 2009
Firstpage
443
Lastpage
447
Abstract
This paper proposes ARM-CPD, a simple but fast and effective scheme for detecting SYN flooding attacks. Instead of managing all real-time ongoing traffic on the network, ARM-CPD monitors only SYN packets and uses them to predict SYN traffic in the near future in order to detect SYN flooding attacks. To obtain the predicted SYN traffic, the autoregressive integrated moving average (ARIMA) model is proposed; and to make the detection method insensitive to site and access pattern, a non-parametric cumulative sum (CUSUM) algorithm is applied. Trace-driven simulations demonstrate that ARM-CPD can effectively shorten the detection time of SYN flooding attacks.
Keywords
autoregressive moving average processes; security of data; telecommunication traffic; ARM-CPD; SYN flooding attack detection; SYN traffic prediction; autoregressive integrated moving average model; denial of service attacks; nonparametric cumulative sum algorithm; trace-driven simulations; Computational modeling; Computer crime; Floods; Internet; Laboratories; Predictive models; Sun; Telecommunication switching; Telecommunication traffic; Traffic control; ARIMA; CUSUM; DoS; TCP SYN flooding;
fLanguage
English
Publisher
ieee
Conference_Titel
Broadband Network & Multimedia Technology, 2009. IC-BNMT '09. 2nd IEEE International Conference on
Conference_Location
Beijing
Print_ISBN
978-1-4244-4590-5
Electronic_ISBN
978-1-4244-4591-2
Type
conf
DOI
10.1109/ICBNMT.2009.5348532
Filename
5348532