Analysis of a Denial of Service Attack on TCP
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Resisting SYN flood DoS attacks with a SYN cache
BSDC'02 Proceedings of the BSD Conference 2002 on BSD Conference
Inferring internet denial-of-service activity
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Currently, there are many approaches to detecting SYN flooding, but they require too many resources to manage most of the ongoing traffic. We propose a simple and robust approach to detect SYN flooding attacks by observing essential network information. Instead of managing all ongoing traffic on the network, our approach monitors only the SYN count and the ratio between SYN and other TCP packets. To make the detection mechanism robust and easy to apply, we use the EWMA (exponentially weighted moving average) approach from SPC (statistical process control) [3] [10] [11]. It makes the detection mechanism much more generally applicable and easier to implement. The trace-driven simulation results demonstrate that our proposal is efficient and simple to implement, and prove that it detects SYN flooding accurately and finds attacks in a very short detection time.
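The idea in the abstract, sketched as an added example (not the paper's code): a standard EWMA control chart run over per-interval SYN counts and SYN-to-other-TCP ratios. The smoothing weight `lam`, the limit width `L`, the baseline window, the rule that both statistics must alarm, and the traffic numbers are all assumptions made for illustration.

```python
import math
from statistics import mean, pstdev

def ewma_alarms(series, baseline_n, lam=0.2, L=3.0):
    """Indices where the EWMA of `series` exceeds the upper control limit.

    The first `baseline_n` samples are treated as attack-free and used to
    estimate the in-control mean and standard deviation.
    """
    mu0, sigma0 = mean(series[:baseline_n]), pstdev(series[:baseline_n])
    z, alarms = mu0, []
    for t, x in enumerate(series[baseline_n:], start=1):
        z = lam * x + (1 - lam) * z                      # EWMA update
        width = math.sqrt(lam / (2 - lam) * (1 - (1 - lam) ** (2 * t)))
        if z > mu0 + L * sigma0 * width:                 # time-varying UCL
            alarms.append(baseline_n + t - 1)
    return alarms

def detect_syn_flood(intervals, baseline_n, lam=0.2, L=3.0):
    """intervals: (syn_count, other_tcp_count) per measurement interval.

    Assumed decision rule: flag an interval only when BOTH the SYN count
    and the SYN/other ratio are out of control, so that a legitimate
    traffic surge (more SYNs, but proportionally more other TCP packets)
    is not reported as a flood.
    """
    syn = [s for s, _ in intervals]
    ratio = [s / max(o, 1) for s, o in intervals]        # guard against o == 0
    both = set(ewma_alarms(syn, baseline_n, lam, L)) & \
           set(ewma_alarms(ratio, baseline_n, lam, L))
    return sorted(both)

# Constructed sample: 10 baseline intervals, then normal traffic, a benign
# surge at index 12, and a flood starting at index 14.
SAMPLE = [
    (100, 2000), (104, 2000), (96, 2000), (102, 2100), (98, 1900),
    (101, 2050), (99, 1950), (103, 2000), (97, 2000), (100, 2000),
    (101, 2000), (99, 2000),
    (160, 3200),              # surge: SYN count up, ratio unchanged
    (100, 2000),
    (900, 2000), (950, 2000), # flood: SYN count and ratio both jump
]

if __name__ == "__main__":
    print("SYN-count alarms:", ewma_alarms([s for s, _ in SAMPLE], 10))
    print("flood intervals: ", detect_syn_flood(SAMPLE, 10))
```

The SYN count alone alarms on the benign surge at index 12 and, because the EWMA carries memory, again at index 13; requiring the ratio to alarm as well leaves only the flood intervals.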