On scalable attack detection in the network
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Perimeter-Based Defense against High Bandwidth DDoS Attacks
IEEE Transactions on Parallel and Distributed Systems
Stateful DDoS attacks and targeted filtering
Journal of Network and Computer Applications
On scalable attack detection in the network
IEEE/ACM Transactions on Networking (TON)
AID: A global anti-DoS service
Computer Networks: The International Journal of Computer and Telecommunications Networking
A collaborative defense mechanism against SYN flooding attacks in IP networks
Journal of Network and Computer Applications
Flooding attacks detection and victim identification over high speed networks
GIIS'09 Proceedings of the Second international conference on Global Information Infrastructure Symposium
Request diversion: a novel mechanism to counter P2P based DDoS attacks
International Journal of Internet Protocol Technology
International Journal of Network Management
International Journal of Sensor Networks
An incrementally deployable path address scheme
Journal of Parallel and Distributed Computing
Flooding attacks detection in backbone traffic using power divergence
Proceedings of the 7th ACM workshop on Performance monitoring and measurement of heterogeneous wireless and wired networks
This paper presents a simple and robust mechanism called SYN-dog to sniff SYN flooding sources. We install SYN-dog as a software agent at leaf routers that connect stub networks to the Internet. The statelessness and low computation overhead of SYN-dog make it immune to any flooding attacks. The core mechanism of SYN-dog is based on the protocol behavior of TCP SYN-SYN/ACK pairs, and is an instance of Sequential Change Detection [1]. To make SYN-dog insensitive to site and access pattern, a non-parametric Cumulative Sum (CUSUM) method [4] is applied, making SYN-dog much more generally applicable and its deployment much easier. Due to its proximity to the flooding sources, SYN-dog can trace the flooding sources without resorting to expensive IP traceback.
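The detection idea in the abstract, sketched as an added example (not code from the paper): a non-parametric CUSUM over the per-interval difference between outgoing SYNs and incoming SYN/ACKs at a leaf router. The normalisation by a running average, the `offset`, `threshold` and `alpha` values, and the sample counts are all assumptions made for illustration.

```python
# Added illustration: non-parametric CUSUM over SYN vs SYN/ACK counts.
# Parameter values and sample counts are constructed, not taken from the paper.

def syn_cusum(intervals, offset=0.35, threshold=1.0, alpha=0.9):
    """Run CUSUM over (outgoing_syn, incoming_synack) counts per interval.

    Returns (alarm_index, trace): the first interval whose statistic exceeds
    `threshold` (or None), and the statistic after every interval.
    Only two scalars of state are kept, so there is no per-connection table
    for a flood to exhaust.
    """
    avg_synack = None   # running average of SYN/ACKs, used to normalise
    y = 0.0             # CUSUM statistic
    alarm = None
    trace = []
    for i, (syn, synack) in enumerate(intervals):
        if avg_synack is None:
            avg_synack = float(max(synack, 1))
        # Normalised difference: independent of how busy the site is.
        x = (syn - synack) / max(avg_synack, 1.0)
        # Subtracting `offset` gives x a negative mean in normal operation,
        # so y stays pinned at 0 and only grows under sustained imbalance.
        y = max(0.0, y + x - offset)
        trace.append(round(y, 3))
        if alarm is None and y > threshold:
            alarm = i
        avg_synack = alpha * avg_synack + (1 - alpha) * synack
    return alarm, trace

# Constructed sample: four normal intervals, then spoofed SYNs leave the
# stub network from interval 4 onward and their SYN/ACKs never come back.
NORMAL = [(100, 97), (110, 105), (95, 93), (105, 100)]
FLOOD = [(160, 100), (165, 98), (170, 101), (168, 99)]

if __name__ == "__main__":
    alarm, trace = syn_cusum(NORMAL + FLOOD)
    print("alarm at interval", alarm)
    print("statistic per interval", trace)
```

Because the difference is normalised, the same offset and threshold give the same alarm point when every count is scaled up, which is the site-insensitivity the abstract attributes to the non-parametric method.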