Title :
A real-time method for detecting internet-wide SYN flooding attacks
Author :
Lihua Miao ; Wei Ding ; Jian Gong
Author_Institution :
Sch. of Comput. Sci. & Eng., Southeast Univ., Nanjing, China
Abstract :
Reports show that DDoS attacks are ubiquitous on the Internet and may jeopardize networks' stable operation. In order to understand the nature of this threat and further to enable effective control and management, a whole picture of the Internet-wide attacks is a necessity. Traditional methods use darknets to this end. However, with the IPv4 address space exhaustion, darknets become hard to acquire. In this paper, we seek to detect Internet-wide attacks using a live network. In particular, we focus on the most prevalent SYN flooding attacks. First, a complete attack scenario model is introduced according to the positions of the attacker, the victim and the attacking address. Then, after discussing the features of all scenarios, an algorithm named WSAND is proposed to detect Internet-wide SYN flooding attacks using Netflow data. In order to evaluate it, the algorithm is deployed at 28 main PoPs (Points of Presence) of the China Education and Research Network (CERNET) and the total internal address space is up to 200/16 blocks. A large quantity of Internet-wide SYN flooding attacks detected in March 2014 is discussed in detail. With the help of the detected attacks, a case study of detecting an internal zombie is presented.
Keywords :
Internet; computer network security; real-time systems; ubiquitous computing; CERNET; China education and research network; DDoS attacks; IPv4 address space exhaustion; Internet wide SYN flooding attacks; Internet wide attacks; PoP; Points of Presence; SYN flooding attacks; attacking address; real-time method; ubiquitous; Backscatter; Bismuth; Computer crime; IP networks; Internet; Measurement; Real-time systems; Internet-wide SYN flooding attack; Netflow data; large-scale deployment; live network; real-time detection;
Conference_Title :
Local and Metropolitan Area Networks (LANMAN), 2015 IEEE International Workshop on
Conference_Location :
Beijing
DOI :
10.1109/LANMAN.2015.7114740