An active detecting method against SYN flooding attack

Bin Xiao; Wei Chen; Yanxiang He; Edwin H.M. Sha

doi:10.1109/ICPADS.2005.67

An active detecting method against SYN flooding attack

Bin Xiao^*
, Wei Chen
, Yanxiang He
, Edwin H.M. Sha

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

41 Scopus citations

Abstract

SYN flooding attacks are a common type of Distributed Denial-of-Service (DDoS) attack. Early detection is desirable but traditional passive detection methods are inaccurate in the early stages due to their reliance on passively sniffing an attacking signature. The method presented in this paper captures attacking signatures using an active probing scheme that ensures the efficient early detection. The active probing scheme-DARB obtains the delay of routers by sending packets containing special Time-to-Live set at the IP headers. The results of the probe are used to perform SYN flooding detection, which is reliable and with little overhead. This approach is more independent than other methods that require cooperation from network devices. Experiments show that this delay-probing approach distinguishes half-open connections caused by SYN flooding attacks from those arising from other causes accurately and at an early stage.

Original language	English
Title of host publication	Proceedings - 11th International Conference on Parallel and Distributed Systems Workshops, ICPADS 2005
Editors	L. Barolli
Pages	709-715
Number of pages	7
DOIs	https://doi.org/10.1109/ICPADS.2005.67
State	Published - 2005
Externally published	Yes
Event	11th International Conference on Parallel and Distributed Systems Workshops, ICPADS 2005 - Fukuoka, Japan Duration: 20 Jul 2005 → 22 Jul 2005

Publication series

Name	Proceedings of the International Conference on Parallel and Distributed Systems - ICPADS
Volume	1
ISSN (Print)	1521-9097

Conference

Conference	11th International Conference on Parallel and Distributed Systems Workshops, ICPADS 2005
Country/Territory	Japan
City	Fukuoka
Period	20/07/05 → 22/07/05

Access to Document

10.1109/ICPADS.2005.67

Cite this

Xiao, B., Chen, W., He, Y., & Sha, E. H. M. (2005). An active detecting method against SYN flooding attack. In L. Barolli (Ed.), Proceedings - 11th International Conference on Parallel and Distributed Systems Workshops, ICPADS 2005 (pp. 709-715). (Proceedings of the International Conference on Parallel and Distributed Systems - ICPADS; Vol. 1). https://doi.org/10.1109/ICPADS.2005.67

@inproceedings{ecf2320eb5674db7b658c9bc96ab42d0,

title = "An active detecting method against SYN flooding attack",

abstract = "SYN flooding attacks are a common type of Distributed Denial-of-Service (DDoS) attack. Early detection is desirable but traditional passive detection methods are inaccurate in the early stages due to their reliance on passively sniffing an attacking signature. The method presented in this paper captures attacking signatures using an active probing scheme that ensures the efficient early detection. The active probing scheme-DARB obtains the delay of routers by sending packets containing special Time-to-Live set at the IP headers. The results of the probe are used to perform SYN flooding detection, which is reliable and with little overhead. This approach is more independent than other methods that require cooperation from network devices. Experiments show that this delay-probing approach distinguishes half-open connections caused by SYN flooding attacks from those arising from other causes accurately and at an early stage.",

author = "Bin Xiao and Wei Chen and Yanxiang He and Sha, \{Edwin H.M.\}",

year = "2005",

doi = "10.1109/ICPADS.2005.67",

language = "英语",

isbn = "0769522815",

series = "Proceedings of the International Conference on Parallel and Distributed Systems - ICPADS",

pages = "709--715",

editor = "L. Barolli",

booktitle = "Proceedings - 11th International Conference on Parallel and Distributed Systems Workshops, ICPADS 2005",

note = "11th International Conference on Parallel and Distributed Systems Workshops, ICPADS 2005 ; Conference date: 20-07-2005 Through 22-07-2005",

}

Xiao, B, Chen, W, He, Y & Sha, EHM 2005, An active detecting method against SYN flooding attack. in L Barolli (ed.), Proceedings - 11th International Conference on Parallel and Distributed Systems Workshops, ICPADS 2005. Proceedings of the International Conference on Parallel and Distributed Systems - ICPADS, vol. 1, pp. 709-715, 11th International Conference on Parallel and Distributed Systems Workshops, ICPADS 2005, Fukuoka, Japan, 20/07/05. https://doi.org/10.1109/ICPADS.2005.67

An active detecting method against SYN flooding attack. / Xiao, Bin; Chen, Wei; He, Yanxiang et al.
Proceedings - 11th International Conference on Parallel and Distributed Systems Workshops, ICPADS 2005. ed. / L. Barolli. 2005. p. 709-715 (Proceedings of the International Conference on Parallel and Distributed Systems - ICPADS; Vol. 1).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - An active detecting method against SYN flooding attack

AU - Xiao, Bin

AU - Chen, Wei

AU - He, Yanxiang

AU - Sha, Edwin H.M.

PY - 2005

Y1 - 2005

N2 - SYN flooding attacks are a common type of Distributed Denial-of-Service (DDoS) attack. Early detection is desirable but traditional passive detection methods are inaccurate in the early stages due to their reliance on passively sniffing an attacking signature. The method presented in this paper captures attacking signatures using an active probing scheme that ensures the efficient early detection. The active probing scheme-DARB obtains the delay of routers by sending packets containing special Time-to-Live set at the IP headers. The results of the probe are used to perform SYN flooding detection, which is reliable and with little overhead. This approach is more independent than other methods that require cooperation from network devices. Experiments show that this delay-probing approach distinguishes half-open connections caused by SYN flooding attacks from those arising from other causes accurately and at an early stage.

AB - SYN flooding attacks are a common type of Distributed Denial-of-Service (DDoS) attack. Early detection is desirable but traditional passive detection methods are inaccurate in the early stages due to their reliance on passively sniffing an attacking signature. The method presented in this paper captures attacking signatures using an active probing scheme that ensures the efficient early detection. The active probing scheme-DARB obtains the delay of routers by sending packets containing special Time-to-Live set at the IP headers. The results of the probe are used to perform SYN flooding detection, which is reliable and with little overhead. This approach is more independent than other methods that require cooperation from network devices. Experiments show that this delay-probing approach distinguishes half-open connections caused by SYN flooding attacks from those arising from other causes accurately and at an early stage.

UR - https://www.scopus.com/pages/publications/23944521338

U2 - 10.1109/ICPADS.2005.67

DO - 10.1109/ICPADS.2005.67

M3 - 会议稿件

AN - SCOPUS:23944521338

SN - 0769522815

T3 - Proceedings of the International Conference on Parallel and Distributed Systems - ICPADS

SP - 709

EP - 715

BT - Proceedings - 11th International Conference on Parallel and Distributed Systems Workshops, ICPADS 2005

A2 - Barolli, L.

T2 - 11th International Conference on Parallel and Distributed Systems Workshops, ICPADS 2005

Y2 - 20 July 2005 through 22 July 2005

ER -

An active detecting method against SYN flooding attack

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this