Review of SYN-flooding attack detection mechanism

Denial of Service (DoS) is a security threat which compromises the confidentiality of information stored in Local Area Networks (LANs) due to unauthorized access by spoofed IP addresses. SYN flooding is a type of DoS that is harmful to the network: the flood of packets may delay other users from accessing the server and, in severe cases, the server may need to be shut down, wasting valuable resources, especially in critical real-time services such as e-commerce and the medical field. The objective of this paper is to review the state of the art of detection mechanisms for SYN flooding. The detection schemes for SYN flooding attacks have been classified broadly into three categories: detection schemes based on the router data structure, detection schemes based on statistical analysis of the packet flow, and detection schemes based on artificial intelligence. The advantages and disadvantages of the various detection schemes under each category have been critically examined. The performance measures of the categories have also been compared.
