Title
An autonomous defense against SYN flooding attacks: Detect and throttle attacks at the victim side independently
Abstract
Distributed denial of service (DDoS) attacks seriously threaten Internet services, yet there is currently no defence against such attacks that provides both early detection, allowing time for counteraction, and an accurate response. Traditional detection methods rely on passively sniffing an attacking signature and are inaccurate in the early stages of an attack. Current counteractions such as traffic filter or rate-limit methods do not accurately distinguish between legitimate and illegitimate traffic and are difficult to deploy. This work seeks to provide a method that detects SYN flooding attacks in a timely fashion and that responds accurately and independently on the victim side. We use the knowledge of network traffic delay distribution and apply an active probing technique (DARB) to identify half-open connections that, suspiciously, may not arise from normal network congestion. This method is suitable for large network areas and is capable of handling bursts of traffic flowing into a victim server. Accurate filtering is ensured by a counteraction method using IP address and time-to-live (TTL) fields. Simulation results show that our active detection method can detect SYN flooding attacks accurately and promptly and that the proposed rate-limit counteraction scheme can efficiently minimize the damage caused by DDoS attacks and guarantee constant services to legitimate users.
Year: 2008
DOI: 10.1016/j.jpdc.2007.06.013
Venue: J. Parallel Distrib. Comput.
Keywords: current counteraction, early detection, large network area, network traffic delay distribution, rate-limit method, active detection method, ttl, rate-limit counteraction, throttle attack, syn flooding attack, victim side, illegitimate traffic, traditional detection method, syn flooding, counteraction method, ddos attacks, autonomous defense, traffic filter, distributed denial of service, network congestion, time to live, ddos attack, traffic flow, rate limiting
Field: Internet Protocol, Denial-of-service attack, Computer science, Robust random early detection, Computer security, Computer network, Retard, Network congestion, SYN flood, Traffic congestion, The Internet
DocType: Journal
Volume: 68
Issue: 4
ISSN: Journal of Parallel and Distributed Computing
Citations: 11
PageRank: 0.68
References: 23
Authors
3
Name
Order
Citations
PageRank
Bin Xiao11763129.31
Wei Chen28612.45
Yanxiang He356868.23