Computers & Mathematics with Applications
A DoS attack is an attempt by attackers to prevent legitimate users from obtaining normal network service. The TCP connection management protocol opens the door to a classic DoS attack, the SYN flood. In this attack, some sources send a large number of TCP SYN segments without completing the third step of the handshake, quickly exhausting the connection resources of the system under attack. This paper models the server under attack using queuing theory, recognizing attack requests by their long service time. It then proposes a framework in which defense is formulated as an optimization problem and uses the particle swarm optimization (PSO) algorithm to solve it optimally. PSO steers the server toward an optimum defense point by dynamically setting two TCP parameters: the maximum number of connections and the maximum duration of a half-open connection. Simulation results show that the proposed defense strategy improves the performance of the system under attack in terms of the rejection probability of connection requests and efficient consumption of buffer space.
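The idea in the abstract, tuning the connection limit and the half-open timeout with PSO against a queueing model, can be sketched as follows. This is an added example, not the paper's model or code: the Erlang loss (M/G/m/m) model, the cost function, the traffic rates, the bounds and the PSO coefficients are all assumptions chosen for illustration.

```python
import math, random

LAM_LEGIT, LAM_ATTACK = 100.0, 500.0   # SYN arrivals per second (assumed)
MU = 5.0                               # legit handshakes complete at rate MU (mean 0.2 s)
W_BUF = 0.1                            # weight of buffer use in the cost (assumed)
BOUNDS = [(16, 2048), (0.05, 75.0)]    # (max connections m, half-open timeout h in s)

def erlang_b(m, load):
    """Blocking probability of an M/G/m/m loss system (stable recursion)."""
    b = 1.0
    for k in range(1, m + 1):
        b = load * b / (k + load * b)
    return b

def cost(m, h):
    """Legit request loss plus weighted buffer use for settings (m, h)."""
    m = int(round(m))
    # Attack entries hold a slot for the full timeout h; legit ones for min(T, h).
    load = LAM_ATTACK * h + LAM_LEGIT * (1 - math.exp(-MU * h)) / MU
    blocked = erlang_b(m, load)
    timed_out = math.exp(-MU * h)      # a legit handshake slower than h is dropped
    return blocked + (1 - blocked) * timed_out + W_BUF * m / BOUNDS[0][1]

def pso(n=20, iters=40, w=0.7, c1=1.5, c2=1.5, seed=1):
    """Global-best PSO over (m, h); returns (m, h, cost) of the best point found."""
    rng = random.Random(seed)
    pos = [[rng.uniform(lo, hi) for lo, hi in BOUNDS] for _ in range(n)]
    vel = [[0.0, 0.0] for _ in range(n)]
    pbest = [p[:] for p in pos]
    pcost = [cost(*p) for p in pos]
    g = min(range(n), key=pcost.__getitem__)
    gbest, gcost = pbest[g][:], pcost[g]
    for _ in range(iters):
        for i in range(n):
            for d, (lo, hi) in enumerate(BOUNDS):
                vel[i][d] = (w * vel[i][d]
                             + c1 * rng.random() * (pbest[i][d] - pos[i][d])
                             + c2 * rng.random() * (gbest[d] - pos[i][d]))
                pos[i][d] = min(hi, max(lo, pos[i][d] + vel[i][d]))  # clamp to bounds
            c = cost(*pos[i])
            if c < pcost[i]:
                pbest[i], pcost[i] = pos[i][:], c
                if c < gcost:
                    gbest, gcost = pos[i][:], c
    return int(round(gbest[0])), gbest[1], gcost

if __name__ == "__main__":
    m, h, c = pso()
    print(f"m={m} h={h:.2f}s cost={c:.4f} (static m=1024, h=75s: {cost(1024, 75):.4f})")
```

The static baseline of 1024 connections and a 75 s timeout in the final line is a constructed comparison point, not a value from the paper.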