D-SAT: detecting SYN flooding attack by two-stage statistical approach

Bibliographic details
Main authors: Seung-won Shin, Ki-young Kim, Jong-soo Jang
Format: Conference proceedings
Language: eng
Description
Summary: We propose the D-SAT (detecting SYN flooding attack by two-stage statistical approach) system, a simple and robust approach to detecting SYN flooding attacks by observing network traffic. Instead of managing all ongoing traffic on the network, D-SAT at first monitors only the SYN count and the ratio between SYN and other TCP packets. It then detects SYN flooding and finds victims more accurately in its second stage. To make the detection mechanism robust and easy, D-SAT uses the CUSUM (cumulative sum) approach in SPC (statistical process control) (H. Wang et al., 2002) (D.C. Montgomery, 2001) (D.M. Hawkins et al., 1998). This makes the detection mechanism much more generally applicable and easier to implement. D-SAT also employs AFM (aggregation flow management) to find victims quickly and accurately. The trace-driven simulation results demonstrate that the D-SAT system is efficient and simple to implement, and prove that it detects SYN flooding accurately and finds attacks in a very short detection time.
DOI:10.1109/SAINT.2005.18