Mitigating distributed denial-of-service attacks using network connection control charts
Proceedings of the 2nd international conference on Scalable information systems
IEICE - Transactions on Information and Systems
Highspeed and flexible source-end DDoS protection system using IXP2400 network processor
IPOM'07 Proceedings of the 7th IEEE international conference on IP operations and management
SYN flooding attack detection based on entropy computing
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
International Journal of Network Management
DDoS detection and traceback with decision tree and grey relational analysis
International Journal of Ad Hoc and Ubiquitous Computing
SYN flooding attack detection by TCP handshake anomalies
Security and Communication Networks
With the growing use of broadband Internet, the demand for hardware-based intrusion detection systems (IDS) is exploding. The network processor is poised to be the future platform for hardware-based IDS and firewalls due to its programmability and its capability to process packets at wire speed. In this paper, we explore the practical implementation of a statistical SYN-flooding detection system in a network processor-based router. An embedded architecture, called synmon, is proposed. We employ an instance of change-point detection, the non-parametric Cumulative Sum (CUSUM) algorithm, for SYN-flooding detection. It performs per-flow attack detection based on the SYN and ACK packets exchanged in TCP-friendly flows. A prototype of the synmon embedded forwarder is developed, and the performance of synmon under different attack patterns, network loads, sampling intervals and tuning parameters is investigated. We demonstrate that the synmon architecture integrates seamlessly with common forwarding tasks while providing a cost-effective service for SYN-flooding detection on a network processor platform.
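The non-parametric CUSUM test named in the abstract can be sketched as follows; this is an added example, not code from the paper or from synmon. The normalisation of the SYN/ACK difference by a moving average of ACK counts, the offset 0.35, the threshold 5.0, the averaging factor 0.9, all identifiers and the sample counts are assumptions chosen for illustration.

```c
#include <stdio.h>

/* Non-parametric CUSUM state for one monitored flow. All names and the
 * parameter values used below are assumptions, not taken from synmon. */
struct cusum {
    double y;       /* accumulated positive drift y_n */
    double avg_ack; /* EWMA of ACKs per interval, used to normalise x_n */
    double a;       /* offset: upper bound on the normal mean of x_n */
    double thresh;  /* alarm threshold on y_n */
};

/* Feed one sampling interval; returns 1 while y_n exceeds the threshold. */
int cusum_update(struct cusum *c, unsigned syn, unsigned ack)
{
    if (c->avg_ack < 1.0)
        c->avg_ack = ack ? (double)ack : 1.0;   /* seed, avoid divide by zero */
    double x = ((double)syn - (double)ack) / c->avg_ack;
    c->y += x - c->a;
    if (c->y < 0.0)
        c->y = 0.0;                             /* y_n = max(0, y_{n-1} + x_n - a) */
    int alarm = c->y > c->thresh;
    if (!alarm)                                 /* freeze the baseline under attack */
        c->avg_ack = 0.9 * c->avg_ack + 0.1 * (double)ack;
    return alarm;
}

/* Index of the first interval that raises an alarm, or -1 if none does. */
int first_alarm(const unsigned *syn, const unsigned *ack, int n, double a, double thresh)
{
    struct cusum c = { 0.0, 0.0, a, thresh };
    for (int i = 0; i < n; i++)
        if (cusum_update(&c, syn[i], ack[i]))
            return i;
    return -1;
}

/* Constructed per-interval counts: five normal intervals, then a flood. */
static const unsigned SAMPLE_SYN[] = { 100, 104, 98, 101, 99, 400, 420, 410, 430 };
static const unsigned SAMPLE_ACK[] = {  99, 102, 98, 100, 98, 100,  99,  98,  97 };

int main(void)
{
    printf("first alarm at interval %d\n",
           first_alarm(SAMPLE_SYN, SAMPLE_ACK, 9, 0.35, 5.0));
    return 0;
}
```

With these assumed parameters the alarm fires in the second flood interval rather than the first, which shows the trade-off between detection delay and tolerance of short SYN bursts that the offset and threshold control.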