Abstract
A distributed denial-of-service (DDoS) attack that floods a target with SYN packets is one of the network attacks used to make an information system unavailable. This kind of attack becomes more dangerous and more difficult to prevent and defend against when attackers send floods of SYN packets with spoofed sources, especially when these packets carry the same information fields as normal SYN packets. In this study, we propose a method called Packet Identification Anomaly Detection (PIDAD) to defend against the type of DDoS attack mentioned above. The method is based on abnormal information in the Identification field of the IP header, observed across the set of packets received at the victim system.
© 2016 Springer Science+Business Media Singapore
About this paper
Cite this paper
Thang, T.M., Nguyen, V.K. (2016). Synflood Spoof Source DDoS Attack Defence Based on Packet ID Anomaly Detection - PIDAD. In: Kim, K., Joukov, N. (eds) Information Science and Applications (ICISA) 2016. Lecture Notes in Electrical Engineering, vol 376. Springer, Singapore. https://doi.org/10.1007/978-981-10-0557-2_72
DOI: https://doi.org/10.1007/978-981-10-0557-2_72
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-0556-5
Online ISBN: 978-981-10-0557-2
eBook Packages: Engineering, Engineering (R0)