An active detecting method against SYN flooding attack

Bin Xiao, Wei Chen, Yanxiang He, Edwin H.M. Sha

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

30 Citations (Scopus)

Abstract

SYN flooding attacks are a common type of Distributed Denial-of-Service (DDoS) attack. Early detection is desirable but traditional passive detection methods are inaccurate in the early stages due to their reliance on passively sniffing an attacking signature. The method presented in this paper captures attacking signatures using an active probing scheme that ensures the efficient early detection. The active probing scheme-DARB obtains the delay of routers by sending packets containing special Time-to-Live set at the IP headers. The results of the probe are used to perform SYN flooding detection, which is reliable and with little overhead. This approach is more independent than other methods that require cooperation from network devices. Experiments show that this delay-probing approach distinguishes half-open connections caused by SYN flooding attacks from those arising from other causes accurately and at an early stage.
Original languageEnglish
Title of host publicationProceedings - 11th International Conference on Parallel and Distributed Systems Workshops, ICPADS 2005
Pages709-715
Number of pages7
Volume1
DOIs
Publication statusPublished - 1 Sep 2005
Event11th International Conference on Parallel and Distributed Systems Workshops, ICPADS 2005 - Fukuoka, Japan
Duration: 20 Jul 200522 Jul 2005

Conference

Conference11th International Conference on Parallel and Distributed Systems Workshops, ICPADS 2005
Country/TerritoryJapan
CityFukuoka
Period20/07/0522/07/05

ASJC Scopus subject areas

  • Hardware and Architecture

Cite this