DocumentCode :
3642488
Title :
An Accurate Sampling Scheme for Detecting SYN Flooding Attacks and Portscans
Author :
Maciej Korczynski;Lucjan Janowski;Andrzej Duda
Author_Institution :
Grenoble Inf. Lab., Grenoble Inst. of Technol., Grenoble, France
fYear :
2011
fDate :
6/1/2011 12:00:00 AM
Firstpage :
1
Lastpage :
5
Abstract :
In this paper, we propose an accurate sampling scheme for defeating SYN flooding attacks as well as TCP portscan activity. The scheme examines TCP segments to find at least one of multiple ACK segments coming from the server. The method is simple and scalable, because it achieves good detection performance with a false positive rate close to zero even for very low sampling rates. Our trace-based simulations show that the effectiveness of the proposed scheme relies only on the sampling rate, regardless of the sampling method.
Keywords :
"Servers","Systematics","Sampling methods","IP networks","Limiting","Probabilistic logic","Computer crime"
Publisher :
ieee
Conference_Titel :
Communications (ICC), 2011 IEEE International Conference on
ISSN :
1550-3607
Print_ISBN :
978-1-61284-232-5
Electronic_ISBN :
1938-1883
Type :
conf
DOI :
10.1109/icc.2011.5962593
Filename :
5962593