A mechanism to defend SYN flooding attack based on network measurement system

SYN flooding is a common method employed in denial of service (DoS) and distributed denial of service (DDoS) attacks. It is hard to maintain an effective defense with passive measures alone, such as monitoring and filtering. To avoid affecting legitimate service requests and to stop attacks at the source, attack detection and service protection must be combined with tracing of the attack source. Having studied and summarized the features of such attacks, we propose a few key metrics to judge whether an attack is under way. In this paper, the underlying platform, the network measurement system (NMS), is outlined first. Then the detection method is discussed in detail, focusing on service protection, attack elimination, and how to trace back the attack source. Finally, we present experiments with the defense mechanism and analyze their results.
