Distributed denial of service (DDoS) attacks seriously threaten Internet services, yet there is currently no defence against such attacks that provides both early detection, allowing time for counteraction, and an accurate response. Traditional detection methods rely on passively sniffing an attacking signature and are inaccurate in the early stages of an attack. Current counteractions such as traffic-filtering or rate-limiting methods do not accurately distinguish between legitimate and illegitimate traffic and are difficult to deploy. This work seeks to provide a method that detects SYN flooding attacks in a timely fashion and that responds accurately and independently on the victim side. We use knowledge of the network traffic delay distribution and apply an active probing technique (DARB) to identify suspicious half-open connections that may not arise from normal network congestion. This method is suitable for large network areas and is capable of handling bursts of traffic flowing into a victim server. Accurate filtering is ensured by a counteraction method using the IP address and time-to-live (TTL) fields. Simulation results show that our active detection method can detect SYN flooding attacks accurately and promptly, and that the proposed rate-limit counteraction scheme can efficiently minimize the damage caused by DDoS attacks and guarantee constant services to legitimate users.