Abstract
Distributed Denial-of-Service (DDoS) attacks seriously threaten servers on the Internet. Most current research focuses on detection and prevention methods at the victim side or the source side. However, defense at the innocent side, whose IP is used as the spoofed IP by the attacker, is always ignored. In this paper, a novel method at the innocent side is proposed. Our detection scheme gives accurate detection results using little storage and computation resources. From the result of experiments, the approach presented in this paper yields accurate DDoS.
This work is supported by the National Natural Science Foundation of China under Grant No. 90104005 and partially by HK Polyu ICRG A-PF86 and CERG Polyu 5196/04E.
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
He, Y., Chen, W., Xiao, B. (2005). Detecting SYN Flooding Attacks Near Innocent Side. In: Jia, X., Wu, J., He, Y. (eds) Mobile Ad-hoc and Sensor Networks. MSN 2005. Lecture Notes in Computer Science, vol 3794. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11599463_44
DOI: https://doi.org/10.1007/11599463_44
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30856-0
Online ISBN: 978-3-540-32276-4
eBook Packages: Computer Science (R0)