Detecting SYN flooding attacks based on traffic prediction

Authors:
Shangguang Wang;Qibo Sun;Hua Zou;Fangchun Yang
Affiliations:
State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing, 100876, China;State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing, 100876, China;State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing, 100876, China;State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing, 100876, China
Venue:
Security and Communication Networks
Year:
2012

Citing 15
Cited 0

Introduction to Grey system theory

The Journal of Grey System
A statistical approach to predictive detection

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on selected topics in network and systems management
Change-Point Monitoring for the Detection of DoS Attacks

IEEE Transactions on Dependable and Secure Computing
On scalable attack detection in the network

IEEE/ACM Transactions on Networking (TON)
An autonomous defense against SYN flooding attacks: Detect and throttle attacks at the victim side independently

Journal of Parallel and Distributed Computing
A collaborative defense mechanism against SYN flooding attacks in IP networks

Journal of Network and Computer Applications
Traffic flooding attack detection with SNMP MIB using SVM

Computer Communications
On the Robustness of SCTP against DoS Attacks

ICCIT '08 Proceedings of the 2008 Third International Conference on Convergence and Hybrid Information Technology - Volume 02
Detecting SYN Flooding Agents under Any Type of IP Spoofing

ICEBE '08 Proceedings of the 2008 IEEE International Conference on e-Business Engineering
Grey system theory-based models in time series prediction

Expert Systems with Applications: An International Journal
Application of anomaly detection algorithms for detecting SYN flooding attacks

Computer Communications
HiFIND: A high-speed flow-level intrusion detection approach with DoS resiliency

Computer Networks: The International Journal of Computer and Telecommunications Networking
WDA: A Web farm Distributed Denial Of Service attack attenuator

Computer Networks: The International Journal of Computer and Telecommunications Networking
Parametric methods for anomaly detection in aggregate traffic

IEEE/ACM Transactions on Networking (TON)
A flooding-based DoS/DDoS detecting algorithm based on traffic measurement and prediction

IWSEC'06 Proceedings of the 1st international conference on Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

SYN flooding attacks are a common type of distributed denial-of-service attacks. Up to now, many defense schemes have been proposed against SYN flooding attacks. Traditional defense schemes rely on passively sniffing an attacking signature and are inaccurate in the early stages of an attack. These schemes are effective only at the later stages when attacking signatures are obvious. In this paper, we propose a detection approach that makes use of SYN traffic prediction to determine whether SYN flooding attacks happen at the early stage. We firstly adopt grey prediction model to predict SYN traffic, and then, we employ cumulative sum algorithm to detect SYN flooding attack traffic among forecasted SYN traffic. Trace-driven simulation results demonstrate that our proposed detection approach can detect SYN flooding attacks effectively. Copyright © 2012 John Wiley & Sons, Ltd.