Abstract:
In this paper we present a novel approach for detecting SYN flooding attacks by investigating the entropy of SYN packet inter-arrival times as a measure of randomness. We argue that normal SYN packets are almost independent, leading to higher values of entropy, while SYN flooding attacks consist of a high volume of related SYN packets, so the entropy of their inter-arrival times would be less than normal. We apply this entropy-based method to different data sets of network traffic in both off-line and real-time modes.
Published in: 2011 IEEE 36th Conference on Local Computer Networks
Date of Conference: 04-07 October 2011
Date Added to IEEE Xplore: 29 December 2011
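The following is an added sketch of the idea in the abstract, not code from the paper: it computes the Shannon entropy of binned SYN inter-arrival gaps per window and flags windows whose entropy drops well below a baseline. The histogram estimator, the 1 ms bin width, the 200-packet window, the 0.5 drop ratio and the synthetic trace are all assumptions made for illustration; the abstract does not give the paper's parameters.

```python
import math
import random
from collections import Counter

def interarrival_entropy(timestamps, bin_width=0.001):
    """Shannon entropy (bits) of binned gaps between consecutive SYN timestamps."""
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    if not gaps:
        return 0.0
    counts = Counter(int(g / bin_width) for g in gaps)  # histogram of gaps
    n = len(gaps)
    return sum(-(c / n) * math.log2(c / n) for c in counts.values())

def windowed_entropy(timestamps, window=200, bin_width=0.001):
    """Entropy of each consecutive, non-overlapping window of `window` SYNs."""
    return [interarrival_entropy(timestamps[i:i + window], bin_width)
            for i in range(0, len(timestamps) - window + 1, window)]

def flag_windows(entropies, baseline, drop=0.5):
    """Indices of windows whose entropy is below drop * baseline (assumed rule)."""
    return [i for i, h in enumerate(entropies) if h < drop * baseline]

def constructed_trace(seed=1):
    """Constructed sample: 600 independent SYNs, then 400 machine-paced SYNs."""
    rng = random.Random(seed)
    t, ts = 0.0, []
    for _ in range(600):            # independent clients: exponential gaps, mean 20 ms
        t += rng.expovariate(50.0)
        ts.append(t)
    for _ in range(400):            # related packets: ~0.5 ms gaps with small jitter
        t += 0.0005 + rng.uniform(0, 0.0001)
        ts.append(t)
    return ts

if __name__ == "__main__":
    ent = windowed_entropy(constructed_trace())
    baseline = ent[0]               # first window taken as known-normal (assumption)
    print([round(h, 2) for h in ent], "flagged:", flag_windows(ent, baseline))
```

In a live deployment the timestamps would come from captured packets with SYN set and ACK clear, and the baseline would be learned from traffic known to be clean rather than taken from the first window.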