DocumentCode :
3156846
Title :
A Robust Scheme to Detect SYN Flooding Attacks
Author :
Sun, Changhua ; Fan, Jindou ; Liu, Bin
Author_Institution :
Tsinghua Univ., Beijing
fYear :
2007
fDate :
22-24 Aug. 2007
Firstpage :
397
Lastpage :
401
Abstract :
We propose a more robust scheme to detect SYN flooding attacks. Existing methods for detecting SYN flooding are based on the protocol behavior of TCP SYN-FIN (RST) or SYN-ACK pairs, as normally the number of SYN packets is equal to that of FIN (added with RST) packets, or ACK packets in the handshake. When SYN flood starts, there will be more SYN packets. However, the attacker can avoid the detection by sending the FIN or RST packets (ACK packets) in conjunction with the SYN packets. To make the detection scheme more robust, we record the flow information of SYN packets in a counting Bloom Filter, and count the FIN (RST) packets according to the Bloom Filter. In addition, the Change Point Detection method based on a non-parametric Cumulative Sum algorithm is applied to make the detection mechanism much more generally applicable. Through trace-driven simulations, we show our detection scheme is more efficient and robust in detecting various SYN flooding attacks. More importantly, our scheme can be easily deployed at ISP's edge routers.
Keywords :
Internet; higher order statistics; telecommunication network routing; telecommunication security; transport protocols; Internet services; SYN flooding attacks detection; SYN packets; SYN-ACK pairs; TCP SYN-FIN; change point detection method; edge routers; handshake; nonparametric cumulative sum algorithm; protocol; trace-driven simulations; Bandwidth; Computer crime; Computer science; Cryptography; Educational programs; Floods; Resource management; Robustness; Sun; Web and internet services;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Communications and Networking in China, 2007. CHINACOM '07. Second International Conference on
Conference_Location :
Shanghai
Print_ISBN :
978-1-4244-1009-5
Electronic_ISBN :
978-1-4244-1009-5
Type :
conf
DOI :
10.1109/CHINACOM.2007.4469411
Filename :
4469411