Abstract
Many approaches to detecting SYN flooding exist, but they require too many resources because they manage most of the ongoing traffic. We propose a simple and robust approach that detects SYN flooding attacks by observing essential network information. Instead of managing all ongoing traffic on the network, our approach monitors only the SYN count and the ratio between SYN and other TCP packets. To make the detection mechanism robust and simple, we use the EWMA (exponentially weighted moving average) approach from SPC (statistical process control) [3] [10] [11]. This makes the detection mechanism much more generally applicable and easier to implement. Trace-driven simulation results demonstrate that our proposal is efficient and simple to implement, and that it detects SYN flooding accurately with a very short detection time.
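The following added example (not the paper's own code) shows one way to monitor the two quantities the abstract names, using the textbook EWMA control chart from SPC. The smoothing weight `lam`, the limit width `L`, the training window, the rule that both charts must alarm, and the trace itself are assumptions made for illustration.

```python
import math
from statistics import mean, stdev

class EwmaChart:
    """One-sided EWMA control chart; baseline comes from attack-free samples."""
    def __init__(self, baseline, lam=0.2, L=3.0):
        self.mu, self.sigma = mean(baseline), stdev(baseline)
        self.lam, self.L = lam, L
        self.z, self.t = self.mu, 0          # EWMA statistic starts at the mean

    def update(self, x):
        """Fold in one sample; return True if the EWMA exceeds the upper limit."""
        self.t += 1
        self.z = self.lam * x + (1 - self.lam) * self.z
        # Time-varying limit: narrow at first, widening to its steady-state value.
        spread = self.lam / (2 - self.lam) * (1 - (1 - self.lam) ** (2 * self.t))
        return self.z > self.mu + self.L * self.sigma * math.sqrt(spread)

def detect(intervals, train=10, lam=0.2, L=3.0):
    """intervals: (syn_count, other_tcp_count) per sampling period.
    Returns the index of the first period where both charts alarm, else None."""
    counts = [syn for syn, _ in intervals]
    ratios = [syn / max(other, 1) for syn, other in intervals]
    count_chart = EwmaChart(counts[:train], lam, L)
    ratio_chart = EwmaChart(ratios[:train], lam, L)
    for i in range(train, len(intervals)):
        count_alarm = count_chart.update(counts[i])
        ratio_alarm = ratio_chart.update(ratios[i])
        if count_alarm and ratio_alarm:      # assumption: require both signals
            return i
    return None

# Constructed trace: 13 normal periods, then either a SYN flood or a
# proportional traffic surge (SYN and other TCP packets rise together).
NORMAL = [(100, 900), (104, 910), (97, 880), (101, 905), (99, 895),
          (103, 915), (98, 890), (102, 900), (96, 885), (100, 905),
          (101, 900), (99, 898), (103, 910)]
FLOOD = NORMAL + [(400, 905), (420, 900), (410, 895)]
SURGE = NORMAL + [(300, 2700), (300, 2700), (300, 2700)]

if __name__ == "__main__":
    print("flood detected at period:", detect(FLOOD))
    print("surge detected at period:", detect(SURGE))
```

In this constructed trace the flood is flagged in its first period, while the proportional surge trips only the count chart and is not reported.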
References
Moore, D., Voelker, G., Savage, S.: Inferring Internet denial of service activity. In: Proceedings of USENIX Security Symposium (2001)
Wang, H., Zhang, D., Shin, K.G.: Detecting SYN Flooding Attacks. In: Proceedings of IEEE INFOCOM (2002)
Drain, D.: Statistical Methods for Industrial Process Control. Chapman & Hall, Boca Raton (1997)
Shin, S.-w., Kim, K.-y., Jang, J.-s.: Analysis of SYN Traffic: An Empirical Study. Technical Document in ETRI (2004)
Bernstein, D.J., Schenk, E.: Linux Kernel SYN Cookies Firewall Project, http://www.bronzesoft.org/projects/scfw
Check Point Software Technologies Ltd. SynDefender, http://www.checkpoint.com/products/firewall-1
Lemon, J.: Resisting SYN Flooding DoS Attacks with a SYN Cache. In: Proceedings of USENIX BSDCon 2002 (2002)
Juniper Networks Integrated Firewall Appliance, http://www.juniper.net
Schuba, C.L., Krsul, I.V., Kuhn, M.G., Spafford, E.H., Sundaram, A., Zamboni, D.: Analysis of a Denial of Service Attack on TCP. In: Proceedings of IEEE Symposium on Security and Privacy (1997)
Montgomery, D.C.: Introduction to Statistical Quality Control. Wiley, Chichester (2001)
Hawkins, D.M., Olwell, D.H.: Cumulative Sum Charts and Charting for Quality Improvement. Springer, Heidelberg (1998)
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Shin, Sw., Kim, Ky., Jang, Js. (2004). LSAD: Lightweight SYN Flooding Attack Detector. In: Ghosh, R.K., Mohanty, H. (eds) Distributed Computing and Internet Technology. ICDCIT 2004. Lecture Notes in Computer Science, vol 3347. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30555-2_45
DOI: https://doi.org/10.1007/978-3-540-30555-2_45
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24075-4
Online ISBN: 978-3-540-30555-2
eBook Packages: Computer Science, Computer Science (R0)