Detection of SYN flooding attacks using generalized autoregressive conditional heteroskedasticity (GARCH) modeling technique

Detection of SYN flooding attacks using generalized autoregressive conditional heteroskedasticity (GARCH) modeling technique

This paper explores a fast and effective method to detect TCP SYN flooding attack. The Generalized autoregressive conditional heteroskedastic (GARCH) model which is the most commonly used statistical modeling technique for financial time series is proposed as a new technique for Denial of service at...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Ranjan, N., Murthy, H.A., Gonsalves, T.A.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Computer crime
Computer science
Context modeling
Floods
GARCH
Heteroskedasticity
Network servers
Paper technology
Predictive models
TCP SYN flooding
TCPIP
Telecommunication traffic
Traffic control
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:This paper explores a fast and effective method to detect TCP SYN flooding attack. The Generalized autoregressive conditional heteroskedastic (GARCH) model which is the most commonly used statistical modeling technique for financial time series is proposed as a new technique for Denial of service attack detection. The exponential backoff and retransmission property of TCP during timeouts is exploited in the detection mechanism. We are able to detect low as well as high intensity SYN flooding attacks by modeling the difference between SYN and SYN+ACK packets using GARCH. Our studies show that this non linear volatility model performs better than earlier models like Linear Prediction.
DOI:10.1109/NCC.2010.5430151