SYN-dog: Sniffing SYN Flooding Sources

Authors:
Haining Wang;Danlu Zhang;Kang G. Shin
Affiliations:
-;-;-
Venue:
ICDCS '02 Proceedings of the 22 nd International Conference on Distributed Computing Systems (ICDCS'02)
Year:
2002

Citing 0
Cited 12

On scalable attack detection in the network

Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Perimeter-Based Defense against High Bandwidth DDoS Attacks

IEEE Transactions on Parallel and Distributed Systems
Stateful DDoS attacks and targeted filtering

Journal of Network and Computer Applications
On scalable attack detection in the network

IEEE/ACM Transactions on Networking (TON)
AID: A global anti-DoS service

Computer Networks: The International Journal of Computer and Telecommunications Networking
A collaborative defense mechanism against SYN flooding attacks in IP networks

Journal of Network and Computer Applications
Flooding attacks detection and victim identification over high speed networks

GIIS'09 Proceedings of the Second international conference on Global Information Infrastructure Symposium
Request diversion: a novel mechanism to counter P2P based DDoS attacks

International Journal of Internet Protocol Technology
A scalable, efficient and informative approach for anomaly-based intrusion detection systems: theory and practice

International Journal of Network Management
Detecting anomalies in backbone network traffic: a performance comparison among several change detection methods

International Journal of Sensor Networks
An incrementally deployable path address scheme

Journal of Parallel and Distributed Computing
Flooding attacks detection in backbone traffic using power divergence

Proceedings of the 7th ACM workshop on Performance monitoring and measurement of heterogeneous wireless and wired networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents a simple and robust mechanism called SYN-dog to sniff SYN flooding sources. We install SYN-dog as a software agent at leaf routers that connect stub networks to the Internet. The statelessness and low computation overhead of SYN-dog make itself immune to any flooding attacks. The core mechanism of SYN-dog is based on the protocol behavior of TCP SYN-SYN/ACK pairs, and is an instance of the Sequential Change Detection [1]. To make SYN-dog insensitive to site and access pattern, a non-parametric CumulativeSum (CUSUM) method [4] is applied, thus making SYN-dog much more generally applicable and its deployment much easier. Due to its proximity to the flooding sources, SYN-dog can trace the flooding sources without resorting to expensive IP traceback.