Abstract
One of the main problems of network security is Distributed Denial of Service (DDoS) caused by TCP SYN packet flooding. To counteract SYN flooding attack, several defense methods have been proposed. In this paper we investigate a survivability of protected servers under SYN flooding. Analysis and comparison of some typical and well-known defense mechanisms are presented. We discuss critical parameters of the protection. Appropriated mathematical models based on stochastic processes are produced.
“This research was supported by MKE(Ministry of Knowledge Economy), Korea under ITRC(Information Technology Research Center) IITA-2008-(C1090-0801-0046) and ITFSIP(IT Foreign Specialist Inviting Program) IITA-2008-(C1012-0801-0006).”
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Garber, L.: Denial-of-Service Attack Rip the Internet, Computer (April 2000)
Moore, D., Voelker, G., Savage, S.: Inferring Internet Denial of Service Activity. In: Proceedings of USENIX Security Symposium (2001)
CERT Advisory CA-1996-21 TCP SYN Flooding and IP Spoofing Attacks (1996), http://www.cert.org/advisories/CA-1996-21.html
Stevens, W.: TCP/IP Illustrated, vol. I. Addison-Wesley Publishing Company, Reading (1994)
Fan, M., Jun-yan, Z., Wan-pei, L., Guo-wei, Y.: Tradeoffs of DDoS solutions. In: Proceedings of the Fourth International Conference on Parallel and Distributed Computing, Applications and Technologies, pp. 198–200 (2003)
Bernstein, D.J.: SYN cookies, http://cr.yp.to/syncookies.html
Schuba, C., Krsul, I., Kuhn, M., Spafford, G., Sundaram, A., Zamboni, D.: Analysis of Denial of Service Attack on TCP. In: Proceedings of IEEE Symp. Security and Privacy (1997)
Zuquete, A.: Improving the functionality of syn cookies. Communications and Multimedia Security, 57–77 (2002)
Lemon, J.: Resisting SYN flooding DoS attacks with a SYN cache. In: Proceedings of USENIX BSDCon. (2002)
Chen, W., Yeung, D.: Defending Against TCP SYN Flooding Attacks Under Different Types of IP Spoofing. In: ICN/ICONS/MCL (2006)
Wang, H., Zhang, D., Shin, K.G.: Change-point monitoring for the detection of DoS attacks. IEEE Trans. on Dependable Secur. Computing 1(4), 193–208 (2004)
Tartakovsky, A.G., Rozovskii, B.L., Blazek, R., Kim, H.: A novel approach to detection of intrusions in computer networks via adaptive sequential and batch-sequential change-point detection methods. IEEE Trans. on Signal Processing 54(9), 3372–3382 (2006)
Shakhov, V.V., Choo, H., Bang, Y.: Discord model for detecting unexpected demands in mobile networks. Future Generation Comp. Syst. 20(2), 181–188 (2004)
Trivedi, K.: Probability & Statistics with Reliability, Queueing, and Computer Science Applications. Prentice Hall, Englewood Cliffs (1982)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Shakhov, V.V., Choo, H. (2008). On Modeling Counteraction against TCP SYN Flooding. In: Vazão, T., Freire, M.M., Chong, I. (eds) Information Networking. Towards Ubiquitous Networking and Services. ICOIN 2007. Lecture Notes in Computer Science, vol 5200. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89524-4_57
Download citation
DOI: https://doi.org/10.1007/978-3-540-89524-4_57
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-89523-7
Online ISBN: 978-3-540-89524-4
eBook Packages: Computer ScienceComputer Science (R0)