• DocumentCode
    3642488
  • Title

    An Accurate Sampling Scheme for Detecting SYN Flooding Attacks and Portscans

  • Author

    Maciej Korczynski;Lucjan Janowski;Andrzej Duda

  • Author_Institution
    Grenoble Inf. Lab., Grenoble Inst. of Technol., Grenoble, France
  • fYear
    2011
  • fDate
    6/1/2011 12:00:00 AM
  • Firstpage
    1
  • Lastpage
    5
  • Abstract
    In this paper, we propose an accurate sampling scheme for defeating SYN flooding attacks as well as TCP portscan activity. The scheme examines TCP segments to find at least one of multiple ACK segments coming from the server. The method is simple and scalable, because it achieves good detection performance with a false positive rate close to zero even for very low sampling rates. Our trace-based simulations show that the effectiveness of the proposed scheme relies only on the sampling rate, regardless of the sampling method.
  • Keywords
    "Servers","Systematics","Sampling methods","IP networks","Limiting","Probabilistic logic","Computer crime"
  • Publisher
    ieee
  • Conference_Titel
    Communications (ICC), 2011 IEEE International Conference on
  • ISSN
    1550-3607
  • Print_ISBN
    978-1-61284-232-5
  • Electronic_ISBN
    1938-1883
  • Type

    conf

  • DOI
    10.1109/icc.2011.5962593
  • Filename
    5962593