Packet analysis using packet filtering and traffic monitoring techniques

Malicious attackers aim to destroy the availability of a network server with threats such as the Transmission Control Protocol (TCP) Synchronized (SYN) Flood. The attackers typically exhaust the server's resources and leave it unavailable by making it wait to complete the TCP three-way handshake. Detecting TCP SYN Flood in Hypertext Transfer Protocol (HTTP) traffic is the main problem addressed in this paper. Anomaly detection is used to detect the TCP SYN flood attack, focusing on the payload and the unused areas of the packet. The unusual three-way handshake behaviour is also analyzed. The results show that the proposed detection method, which combines packet filtering and traffic monitoring, can detect TCP SYN Flood in the network.
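
The following is an added illustration of the two-stage idea the abstract describes (it is not the paper's own code): a packet filter keeps only the TCP handshake packets, and a traffic monitor tracks each connection's handshake state, flagging SYNs that carry a payload and sources whose handshakes never complete. The packet dictionary format, the `pkt` helper, the sample capture and the half-open threshold are all constructed for this example.

```python
from collections import defaultdict

def filter_tcp_handshake(packets):
    """Packet filtering: keep only TCP packets that take part in a handshake (SYN, SYN-ACK, ACK)."""
    return [p for p in packets if p["proto"] == "tcp" and p["flags"] in ("S", "SA", "A")]

def detect_syn_flood(packets, half_open_threshold=3):
    """Traffic monitoring over the filtered packets. Returns SYNs that carry a payload
    (a normal handshake SYN has none), per-source half-open counts, and the sources
    whose half-open count reaches the threshold."""
    state = {}      # (src, dst, sport, dport) -> "syn" | "synack" | "open"
    payload_syn = []
    for p in filter_tcp_handshake(packets):
        key = (p["src"], p["dst"], p["sport"], p["dport"])
        if p["flags"] == "S":               # client -> server: first handshake step
            if p["payload_len"] > 0:
                payload_syn.append(key)
            state[key] = "syn"
        elif p["flags"] == "SA":            # server -> client: reverse the 4-tuple
            rkey = (p["dst"], p["src"], p["dport"], p["sport"])
            if state.get(rkey) == "syn":
                state[rkey] = "synack"
        elif state.get(key) == "synack":    # final ACK completes the handshake
            state[key] = "open"
    half_open = defaultdict(int)
    for (src, _, _, _), st in state.items():
        if st != "open":
            half_open[src] += 1
    flood_sources = sorted(s for s, n in half_open.items() if n >= half_open_threshold)
    return {"payload_syn": payload_syn, "half_open": dict(half_open),
            "flood_sources": flood_sources}

def pkt(src, dst, sport, dport, flags, payload_len=0):
    return {"proto": "tcp", "src": src, "dst": dst, "sport": sport,
            "dport": dport, "flags": flags, "payload_len": payload_len}

# Constructed sample capture (not real traffic): 10.0.0.5 completes one handshake;
# 10.0.0.9 leaves four connections half-open and sends a fifth SYN with data in it.
SAMPLE = [pkt("10.0.0.5", "10.0.0.80", 40000, 80, "S"),
          pkt("10.0.0.80", "10.0.0.5", 80, 40000, "SA"),
          pkt("10.0.0.5", "10.0.0.80", 40000, 80, "A")]
for port in range(50000, 50004):
    SAMPLE.append(pkt("10.0.0.9", "10.0.0.80", port, 80, "S"))
    SAMPLE.append(pkt("10.0.0.80", "10.0.0.9", 80, port, "SA"))
SAMPLE.append(pkt("10.0.0.9", "10.0.0.80", 50004, 80, "S", payload_len=12))

print(detect_syn_flood(SAMPLE))
```

Real floods usually spoof the source address, so in practice the same half-open count is also kept per destination server and port; the sample only shows the per-source view.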
