An autonomous defense against SYN flooding attacks: Detect and throttle attacks at the victim side independently

Bin Xiao, Wei Chen, Yanxiang He

Research output: Journal article publicationJournal articleAcademic researchpeer-review

22 Citations (Scopus)


Distributed denial of service (DDoS) attacks seriously threaten Internet services yet there is currently no defence against such attacks that provides both early detection, allowing time for counteraction, and an accurate response. Traditional detection methods rely on passively sniffing an attacking signature and are inaccurate in the early stages of an attack. Current counteractions such as traffic filter or rate-limit methods do not accurately distinguish between legitimate and illegitimate traffic and are difficult to deploy. This work seeks to provide a method that detects SYN flooding attacks in a timely fashion and that responds accurately and independently on the victim side. We use the knowledge of network traffic delay distribution and apply an active probing technique (DARB) to identify half-open connections that, suspiciously, may not arise from normal network congestion. This method is suitable for large network areas and is capable of handling bursts of traffic flowing into a victim server. Accurate filtering is ensured by a counteraction method using IP address and time-to-live(TTL) fields. Simulation results show that our active detection method can detect SYN flooding attacks accurately and promptly and that the proposed rate-limit counteraction scheme can efficiently minimize the damage caused by DDoS attacks and guarantee constant services to legitimate users.
Original languageEnglish
Pages (from-to)456-470
Number of pages15
JournalJournal of Parallel and Distributed Computing
Issue number4
Publication statusPublished - 1 Apr 2008


  • DDoS attacks
  • Early detection
  • Rate-limit counteraction
  • SYN flooding
  • TTL

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Software
  • Hardware and Architecture
  • Computer Networks and Communications
  • Artificial Intelligence


Dive into the research topics of 'An autonomous defense against SYN flooding attacks: Detect and throttle attacks at the victim side independently'. Together they form a unique fingerprint.

Cite this