An Active Defense Mechanism for TCP SYN flooding attacks

Computer Science – Cryptography and Security

Scientific paper


Distributed denial-of-service attacks on public servers have recently become a serious problem. To assure that network services will not be interrupted, more effective defense mechanisms are needed to protect against malicious traffic, especially SYN floods. One problem in detecting SYN flood traffic is that server nodes or firewalls cannot distinguish the SYN packets of normal TCP connections from those of a SYN flood attack. Another problem is that single-point defenses (e.g. firewalls) lack the scalability needed to handle an increase in attack traffic. We have designed a new defense mechanism to detect SYN flood attacks. First, we introduce a mechanism for detecting SYN flood traffic more accurately by taking into consideration the time variation of arrival traffic. We investigate the statistics regarding the arrival rates of both normal TCP SYN packets and SYN flood attack packets. We then describe a new detection mechanism based on these statistics. Through the trace-driven approach, defense nodes that receive the alert messages can identify legitimate traffic and block malicious traffic by delegating SYN/ACK packets.


Profile ID: LFWR-SCP-O-463391
