Title :
An Early Stage Detecting Method against SYN Flooding Attack
Author :
Wei, Guiyi ; Gu, Ye ; Ling, Yun
Author_Institution :
Coll. of Comput. & Inf. Eng., Zhejiang Gongshang Univ., Hangzhou
Abstract :
Distributed denial-of-service (DDoS) attacks pose a serious threat to Internet security. While SYN flooding exploits the TCP three-way handshake process by sending many connection requests using spoofed source IP addresses to a victim server. DDoS attack keeps objective host from handling legitimate requests by causing it to populate its backlog queue with forged TCP connection. In this paper, we propose a novel defense mechanism that makes use of the edge routers that connect end hosts to the Internet to store and detect whether the outgoing SYN, ACK or incoming SYN/ACK segment is valid. This is accomplished by maintaining a mapping table of the outgoing SYN segments and incoming SYN/ACK segments and establishing the destination and source IP address database. The results of simulation show the approach can yield accurate DDoS alarms at early stage.
Keywords :
IP networks; Internet; telecommunication security; transport protocols; Internet security; SYN flooding attack; TCP three-way handshake process; distributed denial-of-service; Application software; Computer crime; Computer science; Databases; Floods; Inspection; Internet; Network servers; TCPIP; Web server; DDoS; Detecting Method; Early Stage; SYN Flooding;
Conference_Titel :
Computer Science and its Applications, 2008. CSA '08. International Symposium on
Conference_Location :
Hobart, ACT
Print_ISBN :
978-0-7695-3428-2
DOI :
10.1109/CSA.2008.18
