Adaptive Timer-Based Countermeasures against TCP SYN Flood Attacks

Adaptive Timer-Based Countermeasures against TCP SYN Flood Attacks

As a result of the rapid development of the Internet in recent years, network security has become an urgent issue. Distributed denial of service (DDoS) attacks are one of the most serious security issues. In particular, 60 percent of the DDoS attacks found on the Internet are TCP attacks, including...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEICE transactions on communications 2012-01, Vol.E95.B (3), p.866-875
Hauptverfasser: TANABE, Masao, AKAIKE, Hirofumi, AIDA, Masaki, MURATA, Masayuki, IMASE, Makoto
Format: Artikel
Sprache:jpn
Schlagworte:
Countermeasures
Floods
Internet
Networks
Protocol (computers)
Security
TCP (protocol)
Timing devices
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:As a result of the rapid development of the Internet in recent years, network security has become an urgent issue. Distributed denial of service (DDoS) attacks are one of the most serious security issues. In particular, 60 percent of the DDoS attacks found on the Internet are TCP attacks, including SYN flood attacks. In this paper, we propose adaptive timer-based countermeasures against SYN flood attacks. Our proposal utilizes the concept of soft-state protocols that are widely used for resource management on the Internet. In order to avoid deadlock, a server releases resources using a time-out mechanism without any explicit requests from its clients. If we change the value of the timer in accordance with the network conditions, we can add more flexibility to the soft-state protocols. The timer is used to manage the resources assigned to half-open connections in a TCP 3-way handshake mechanism, and its value is determined adaptively according to the network conditions. In addition, we report our simulation results to show the effectiveness of our approach.
ISSN:0916-8516
1745-1345