Detection of SYN flooding attacks using generalized autoregressive conditional heteroskedasticity (GARCH) modeling technique

Detection of SYN flooding attacks using generalized autoregressive conditional heteroskedasticity (GARCH) modeling technique

This paper explores a fast and effective method to detect TCP SYN flooding attack. The Generalized autoregressive conditional heteroskedastic (GARCH) model which is the most commonly used statistical modeling technique for financial time series is proposed as a new technique for Denial of service at...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Ranjan, N., Murthy, H.A., Gonsalves, T.A.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Computer crime
Computer science
Context modeling
Floods
GARCH
Heteroskedasticity
Network servers
Paper technology
Predictive models
TCP SYN flooding
TCPIP
Telecommunication traffic
Traffic control
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 5
container_issue
container_start_page 1
container_title
container_volume
creator Ranjan, N.
Murthy, H.A.
Gonsalves, T.A.
description This paper explores a fast and effective method to detect TCP SYN flooding attack. The Generalized autoregressive conditional heteroskedastic (GARCH) model which is the most commonly used statistical modeling technique for financial time series is proposed as a new technique for Denial of service attack detection. The exponential backoff and retransmission property of TCP during timeouts is exploited in the detection mechanism. We are able to detect low as well as high intensity SYN flooding attacks by modeling the difference between SYN and SYN+ACK packets using GARCH. Our studies show that this non linear volatility model performs better than earlier models like Linear Prediction.
doi_str_mv 10.1109/NCC.2010.5430151
format Conference Proceeding
fullrecord <record><control><sourceid>ieee_6IE</sourceid><recordid>TN_cdi_ieee_primary_5430151</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>5430151</ieee_id><sourcerecordid>5430151</sourcerecordid><originalsourceid>FETCH-LOGICAL-i90t-54dd0a98f1c07e970ddf6d62cc041987948ff00ca4ca3f9334d83f010a769b493</originalsourceid><addsrcrecordid>eNo1kMFLwzAchSMiqLN3wUuOeuhMmqRtjqPqJowJuounEZNfuriu0SYVJv7xdjjf5fFdvgcPoUtKxpQSebuoqnFGBhKcESroEUpkUVKecZ6zUohjdP4PjJ6iJIR3MoRJVgh2hn7uIIKOzrfYW_zyusC28d64tsYqRqU3AfdhTzW00KnGfYPBqo--g7qDENwXYO1b4_YK1eD1oOt82IBRITrt4g5fTyfP1ewGb72BZq8aBtet--zhAp1Y1QRIDj1Cy4f7ZTVL50_Tx2oyT50kMRXcGKJkaakmBciCGGNzk2daE05lWUheWkuIVlwrZiVj3JTMDpeoIpdvXLIRuvrTOgBYfXRuq7rd6vAX-wWpfGCG</addsrcrecordid><sourcetype>Publisher</sourcetype><iscdi>true</iscdi><recordtype>conference_proceeding</recordtype></control><display><type>conference_proceeding</type><title>Detection of SYN flooding attacks using generalized autoregressive conditional heteroskedasticity (GARCH) modeling technique</title><source>IEEE Electronic Library (IEL) Conference Proceedings</source><creator>Ranjan, N. ; Murthy, H.A. ; Gonsalves, T.A.</creator><creatorcontrib>Ranjan, N. ; Murthy, H.A. ; Gonsalves, T.A.</creatorcontrib><description>This paper explores a fast and effective method to detect TCP SYN flooding attack. The Generalized autoregressive conditional heteroskedastic (GARCH) model which is the most commonly used statistical modeling technique for financial time series is proposed as a new technique for Denial of service attack detection. The exponential backoff and retransmission property of TCP during timeouts is exploited in the detection mechanism. We are able to detect low as well as high intensity SYN flooding attacks by modeling the difference between SYN and SYN+ACK packets using GARCH. Our studies show that this non linear volatility model performs better than earlier models like Linear Prediction.</description><identifier>ISBN: 1424463831</identifier><identifier>ISBN: 9781424463831</identifier><identifier>EISBN: 9781424463855</identifier><identifier>EISBN: 1424463866</identifier><identifier>EISBN: 9781424463862</identifier><identifier>EISBN: 1424463858</identifier><identifier>DOI: 10.1109/NCC.2010.5430151</identifier><language>eng</language><publisher>IEEE</publisher><subject>Computer crime ; Computer science ; Context modeling ; Floods ; GARCH ; Heteroskedasticity ; Network servers ; Paper technology ; Predictive models ; TCP SYN flooding ; TCPIP ; Telecommunication traffic ; Traffic control</subject><ispartof>2010 National Conference On Communications (NCC), 2010, p.1-5</ispartof><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/5430151$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>310,311,781,785,790,791,2059,27929,54924</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/5430151$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Ranjan, N.</creatorcontrib><creatorcontrib>Murthy, H.A.</creatorcontrib><creatorcontrib>Gonsalves, T.A.</creatorcontrib><title>Detection of SYN flooding attacks using generalized autoregressive conditional heteroskedasticity (GARCH) modeling technique</title><title>2010 National Conference On Communications (NCC)</title><addtitle>NCC</addtitle><description>This paper explores a fast and effective method to detect TCP SYN flooding attack. The Generalized autoregressive conditional heteroskedastic (GARCH) model which is the most commonly used statistical modeling technique for financial time series is proposed as a new technique for Denial of service attack detection. The exponential backoff and retransmission property of TCP during timeouts is exploited in the detection mechanism. We are able to detect low as well as high intensity SYN flooding attacks by modeling the difference between SYN and SYN+ACK packets using GARCH. Our studies show that this non linear volatility model performs better than earlier models like Linear Prediction.</description><subject>Computer crime</subject><subject>Computer science</subject><subject>Context modeling</subject><subject>Floods</subject><subject>GARCH</subject><subject>Heteroskedasticity</subject><subject>Network servers</subject><subject>Paper technology</subject><subject>Predictive models</subject><subject>TCP SYN flooding</subject><subject>TCPIP</subject><subject>Telecommunication traffic</subject><subject>Traffic control</subject><isbn>1424463831</isbn><isbn>9781424463831</isbn><isbn>9781424463855</isbn><isbn>1424463866</isbn><isbn>9781424463862</isbn><isbn>1424463858</isbn><fulltext>true</fulltext><rsrctype>conference_proceeding</rsrctype><creationdate>2010</creationdate><recordtype>conference_proceeding</recordtype><sourceid>6IE</sourceid><sourceid>RIE</sourceid><recordid>eNo1kMFLwzAchSMiqLN3wUuOeuhMmqRtjqPqJowJuounEZNfuriu0SYVJv7xdjjf5fFdvgcPoUtKxpQSebuoqnFGBhKcESroEUpkUVKecZ6zUohjdP4PjJ6iJIR3MoRJVgh2hn7uIIKOzrfYW_zyusC28d64tsYqRqU3AfdhTzW00KnGfYPBqo--g7qDENwXYO1b4_YK1eD1oOt82IBRITrt4g5fTyfP1ewGb72BZq8aBtet--zhAp1Y1QRIDj1Cy4f7ZTVL50_Tx2oyT50kMRXcGKJkaakmBciCGGNzk2daE05lWUheWkuIVlwrZiVj3JTMDpeoIpdvXLIRuvrTOgBYfXRuq7rd6vAX-wWpfGCG</recordid><startdate>201001</startdate><enddate>201001</enddate><creator>Ranjan, N.</creator><creator>Murthy, H.A.</creator><creator>Gonsalves, T.A.</creator><general>IEEE</general><scope>6IE</scope><scope>6IL</scope><scope>CBEJK</scope><scope>RIE</scope><scope>RIL</scope></search><sort><creationdate>201001</creationdate><title>Detection of SYN flooding attacks using generalized autoregressive conditional heteroskedasticity (GARCH) modeling technique</title><author>Ranjan, N. ; Murthy, H.A. ; Gonsalves, T.A.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-i90t-54dd0a98f1c07e970ddf6d62cc041987948ff00ca4ca3f9334d83f010a769b493</frbrgroupid><rsrctype>conference_proceedings</rsrctype><prefilter>conference_proceedings</prefilter><language>eng</language><creationdate>2010</creationdate><topic>Computer crime</topic><topic>Computer science</topic><topic>Context modeling</topic><topic>Floods</topic><topic>GARCH</topic><topic>Heteroskedasticity</topic><topic>Network servers</topic><topic>Paper technology</topic><topic>Predictive models</topic><topic>TCP SYN flooding</topic><topic>TCPIP</topic><topic>Telecommunication traffic</topic><topic>Traffic control</topic><toplevel>online_resources</toplevel><creatorcontrib>Ranjan, N.</creatorcontrib><creatorcontrib>Murthy, H.A.</creatorcontrib><creatorcontrib>Gonsalves, T.A.</creatorcontrib><collection>IEEE Electronic Library (IEL) Conference Proceedings</collection><collection>IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume</collection><collection>IEEE Xplore All Conference Proceedings</collection><collection>IEEE Electronic Library (IEL)</collection><collection>IEEE Proceedings Order Plans (POP All) 1998-Present</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Ranjan, N.</au><au>Murthy, H.A.</au><au>Gonsalves, T.A.</au><format>book</format><genre>proceeding</genre><ristype>CONF</ristype><atitle>Detection of SYN flooding attacks using generalized autoregressive conditional heteroskedasticity (GARCH) modeling technique</atitle><btitle>2010 National Conference On Communications (NCC)</btitle><stitle>NCC</stitle><date>2010-01</date><risdate>2010</risdate><spage>1</spage><epage>5</epage><pages>1-5</pages><isbn>1424463831</isbn><isbn>9781424463831</isbn><eisbn>9781424463855</eisbn><eisbn>1424463866</eisbn><eisbn>9781424463862</eisbn><eisbn>1424463858</eisbn><abstract>This paper explores a fast and effective method to detect TCP SYN flooding attack. The Generalized autoregressive conditional heteroskedastic (GARCH) model which is the most commonly used statistical modeling technique for financial time series is proposed as a new technique for Denial of service attack detection. The exponential backoff and retransmission property of TCP during timeouts is exploited in the detection mechanism. We are able to detect low as well as high intensity SYN flooding attacks by modeling the difference between SYN and SYN+ACK packets using GARCH. Our studies show that this non linear volatility model performs better than earlier models like Linear Prediction.</abstract><pub>IEEE</pub><doi>10.1109/NCC.2010.5430151</doi><tpages>5</tpages></addata></record>
fulltext fulltext_linktorsrc
identifier ISBN: 1424463831
ispartof 2010 National Conference On Communications (NCC), 2010, p.1-5
issn
language eng
recordid cdi_ieee_primary_5430151
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Computer crime
Computer science
Context modeling
Floods
GARCH
Heteroskedasticity
Network servers
Paper technology
Predictive models
TCP SYN flooding
TCPIP
Telecommunication traffic
Traffic control
title Detection of SYN flooding attacks using generalized autoregressive conditional heteroskedasticity (GARCH) modeling technique
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-16T14%3A05%3A29IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Detection%20of%20SYN%20flooding%20attacks%20using%20generalized%20autoregressive%20conditional%20heteroskedasticity%20(GARCH)%20modeling%20technique&rft.btitle=2010%20National%20Conference%20On%20Communications%20(NCC)&rft.au=Ranjan,%20N.&rft.date=2010-01&rft.spage=1&rft.epage=5&rft.pages=1-5&rft.isbn=1424463831&rft.isbn_list=9781424463831&rft_id=info:doi/10.1109/NCC.2010.5430151&rft_dat=%3Cieee_6IE%3E5430151%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&rft.eisbn=9781424463855&rft.eisbn_list=1424463866&rft.eisbn_list=9781424463862&rft.eisbn_list=1424463858&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=5430151&rfr_iscdi=true