Controlling high bandwidth aggregates in the network
ACM SIGCOMM Computer Communication Review
ICNP '02 Proceedings of the 10th IEEE International Conference on Network Protocols
Analysis of a Denial of Service Attack on TCP
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
D-SAT: Detecting SYN Flooding Attack by Two-Stage Statistical Approach
SAINT '05 Proceedings of the The 2005 Symposium on Applications and the Internet
Statistical-Based SYN-Flooding Detection Using Programmable Network Processor
ICITA '05 Proceedings of the Third International Conference on Information Technology and Applications (ICITA'05) Volume 2 - Volume 02
An Active Detecting Method Against SYN Flooding Attack
ICPADS '05 Proceedings of the 11th International Conference on Parallel and Distributed Systems - Volume 01
A Mathematical Theory of Communication
A Mathematical Theory of Communication
Inferring internet denial-of-service activity
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
| Hi-index | 0.01 |
We present an original approach to detect SYN flooding attacks from the victim's side, by monitoring unusual handshake sequences. Detection is done in real-time to allow quick protection and help guarantee a proper defence. Our detection system uses an entropy measure to detect changes in the balance of TCP handshakes. Experiment results show that our method can detect SYN flooding attacks with better accuracy and robustness than traditional stateless methods, and with manageable overhead.