LSAD: lightweight SYN flooding attack detector

  • Authors:
  • Seung-won Shin;Ki-young Kim;Jong-soo Jang

  • Affiliations:
  • Electronics and Telecommunications Research Institute, Daejon, Korea;Electronics and Telecommunications Research Institute, Daejon, Korea;Electronics and Telecommunications Research Institute, Daejon, Korea

  • Venue:
  • ICDCIT'04 Proceedings of the First international conference on Distributed Computing and Internet Technology
  • Year:
  • 2004

Abstract

Currently, there are many approaches to detecting SYN flooding, but they require too many resources because they manage most of the ongoing traffic. We propose a simple and robust approach that detects SYN flooding attacks by observing essential network information. Instead of managing all ongoing traffic on the network, our approach monitors only the SYN count and the ratio between SYN and other TCP packets. To make the detection mechanism robust and simple, we use the EWMA (exponentially weighted moving average) approach from SPC (statistical process control) [3] [10] [11]. This makes the detection mechanism much more generally applicable and easier to implement. The trace-driven simulation results demonstrate that our proposal is efficient and simple to implement, and prove that it detects SYN flooding accurately and finds attacks in a very short detection time.
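The following sketch is an added example, not the paper's own code: it applies a standard one-sided EWMA control chart to the two quantities the abstract names, the per-period SYN count and the ratio of SYN to other TCP packets. The smoothing weight `lam`, the control-limit width, the attack-free training window, the rule that both charts must signal, and all sample data are assumptions of this example.

```python
import math
from statistics import mean, pstdev

class EwmaChart:
    """One-sided EWMA control chart (statistical process control)."""
    def __init__(self, baseline, lam, width):
        self.lam = lam
        mu, sigma = mean(baseline), (pstdev(baseline) or 1e-9)
        # Steady-state upper control limit: mu + width*sigma*sqrt(lam/(2-lam))
        self.ucl = mu + width * sigma * math.sqrt(lam / (2 - lam))
        self.z = mu  # EWMA statistic starts at the baseline mean

    def update(self, x):
        self.z = self.lam * x + (1 - self.lam) * self.z
        return self.z > self.ucl

def detect(intervals, train=10, lam=0.2, width=3.0):
    """intervals: (syn_count, other_tcp_count) per sampling period.
    The first `train` periods are assumed attack-free and set the baseline.
    Returns indices of periods where BOTH charts are out of control
    (combining them with AND is an assumption of this example)."""
    def ratio(syn, other):
        return syn / max(other, 1)  # guard against an empty period
    base = intervals[:train]
    counts = EwmaChart([s for s, _ in base], lam, width)
    ratios = EwmaChart([ratio(s, o) for s, o in base], lam, width)
    alarms = []
    for i, (s, o) in enumerate(intervals[train:], start=train):
        count_out = counts.update(s)            # update both charts every period
        ratio_out = ratios.update(ratio(s, o))
        if count_out and ratio_out:
            alarms.append(i)
    return alarms

# Constructed sample data, not taken from the paper's traces.
BASELINE = [(100, 900), (104, 910), (97, 890), (101, 905), (99, 895),
            (103, 900), (98, 908), (102, 892), (96, 899), (100, 901)]
QUIET = [(101, 900), (99, 903)]
BUSY = [(300, 2700)] * 3    # legitimate surge: SYNs and other TCP grow together
FLOOD = [(2000, 920)] * 3   # SYN surge without matching other TCP traffic

if __name__ == "__main__":
    print(detect(BASELINE + QUIET + BUSY))           # []
    print(detect(BASELINE + QUIET + BUSY + FLOOD))   # [15, 16, 17]
```

The detector keeps two floating-point values per chart regardless of traffic volume, which is the resource property the abstract emphasises.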