
LSAD: Lightweight SYN Flooding Attack Detector

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3347)

Abstract

Many approaches to detecting SYN flooding exist, but they require too many resources because they manage most of the ongoing traffic. We propose a simple and robust approach that detects SYN flooding attacks by observing only essential network information. Instead of managing all ongoing traffic on the network, our approach monitors only the SYN count and the ratio between SYN and other TCP packets. To make the detection mechanism robust and simple, we use the EWMA (exponentially weighted moving average) approach from SPC (statistical process control) [3] [10] [11]. This makes the detection mechanism more generally applicable and easier to implement. Trace-driven simulation results demonstrate that our proposal is efficient and simple to implement, that it detects SYN flooding accurately, and that it finds attacks within a very short detection time.
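The two signals named in the abstract can be charted with a standard one-sided EWMA control chart, as in the following added example (not code from the paper). The smoothing weight `lam`, the limit width `L`, the attack-free baseline window, the rule that both charts must alarm, and the sample data are all assumptions made for illustration.

```python
import math

def ewma_alarms(series, baseline_n, lam=0.2, L=3.0):
    """Indices where the EWMA of `series` exceeds the upper control limit.

    The first `baseline_n` samples are assumed attack-free; they fix the
    in-control mean and standard deviation (lam and L are assumed values).
    """
    base = series[:baseline_n]
    mu = sum(base) / baseline_n
    sigma = math.sqrt(sum((x - mu) ** 2 for x in base) / (baseline_n - 1))
    z, alarms = mu, set()
    for i, x in enumerate(series[baseline_n:], start=1):
        z = lam * x + (1 - lam) * z  # EWMA update
        # Exact (time-varying) standard deviation of z after i updates
        spread = sigma * math.sqrt(lam / (2 - lam) * (1 - (1 - lam) ** (2 * i)))
        if z > mu + L * spread:  # one-sided: a flood only raises the values
            alarms.add(baseline_n + i - 1)
    return alarms

def detect_syn_flood(intervals, baseline_n, lam=0.2, L=3.0):
    """intervals: list of (syn_count, other_tcp_count) per sampling interval.

    Assumed decision rule: alarm only when both the SYN count and the
    SYN/other-TCP ratio are out of control.
    """
    counts = [syn for syn, _ in intervals]
    ratios = [syn / max(other, 1) for syn, other in intervals]  # no divide-by-zero
    return sorted(ewma_alarms(counts, baseline_n, lam, L)
                  & ewma_alarms(ratios, baseline_n, lam, L))

# Constructed sample: 10 baseline intervals, 2 quiet ones, a flash crowd
# (SYNs double but so does other TCP traffic), 1 quiet one, then a flood.
SAMPLE = [(98, 1000), (102, 1000), (101, 1000), (99, 1000), (100, 1000),
          (103, 1000), (97, 1000), (100, 1000), (101, 1000), (99, 1000),
          (101, 1000), (99, 1000), (200, 2000), (210, 2100), (100, 1000),
          (1500, 1000), (3000, 1000), (3000, 1000)]

if __name__ == "__main__":
    print(detect_syn_flood(SAMPLE, baseline_n=10))
```

On the constructed data the SYN-count chart alone also fires during the flash crowd, while the ratio chart stays in control there, so the combined rule reports only the flood intervals.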

References

  1. Moore, D., Voelker, G., Savage, S.: Inferring Internet denial of service activity. In: Proceedings of USENIX Security Symposium (2001)

  2. Wang, H., Zhang, D., Shin, K.G.: Detecting SYN Flooding Attacks. In: Proceedings of IEEE INFOCOM (2002)

  3. Drain, D.: Statistical Methods for Industrial Process Control. Chapman & Hall, Boca Raton (1997)

  4. Shin, S.-w., Kim, K.-y., Jang, J.-s.: Analysis of SYN Traffic: An Empirical Study. Technical Document in ETRI (2004)

  5. Bernstein, D.J., Schenk, E.: Linux Kernel SYN Cookies Firewall Project, http://www.bronzesoft.org/projects/scfw

  6. Check Point Software Technologies Ltd. SynDefender, http://www.checkpoint.com/products/firewall-1

  7. Lemon, J.: Resisting SYN Flooding DoS Attacks with a SYN Cache. In: Proceedings of USENIX BSDCon 2002 (2002)

  8. Juniper Networks Integrated Firewall Appliance, http://www.juniper.net

  9. Schuba, C.L., Krsul, I.V., Kuhn, M.G., Spafford, E.H., Sundaram, A., Zamboni, D.: Analysis of a Denial of Service Attack on TCP. In: Proceedings of IEEE Symposium on Security and Privacy (1997)

  10. Montgomery, D.C.: Introduction to Statistical Quality Control. Wiley, Chichester (2001)

  11. Hawkins, D.M., Olwell, D.H.: Cumulative Sum Charts and Charting for Quality Improvement. Springer, Heidelberg (1998)

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Shin, Sw., Kim, Ky., Jang, Js. (2004). LSAD: Lightweight SYN Flooding Attack Detector. In: Ghosh, R.K., Mohanty, H. (eds) Distributed Computing and Internet Technology. ICDCIT 2004. Lecture Notes in Computer Science, vol 3347. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30555-2_45

  • DOI: https://doi.org/10.1007/978-3-540-30555-2_45

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-24075-4

  • Online ISBN: 978-3-540-30555-2

  • eBook Packages: Computer Science, Computer Science (R0)
