SYN Flooding Attack Detection Based on Entropy Computing

Cited by: 0
Authors
Bellaiche, Martine [1]
Gregoire, Jean-Charles [2]
Affiliations
[1] Ecole Polytech, Genie Informat & Genie Logiciel, Montreal, PQ H3C 3A7, Canada
[2] INRS EMT, Montreal, PQ, Canada
Source
GLOBECOM 2009 - 2009 IEEE GLOBAL TELECOMMUNICATIONS CONFERENCE, VOLS 1-8 | 2009
Keywords
Denial of Service; SYN Flooding; TCP Handshake; Entropy; Network Security;
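DOI
Not available
Chinese Library Classification number
TM [Electrical engineering]; TN [Electronic technology, communication technology];
Discipline classification code
0808 ; 0809 ;
Abstract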
We present an original approach to detect SYN flooding attacks from the victim's side, by monitoring unusual handshake sequences. Detection is done in real-time to allow quick protection and help guarantee a proper defence. Our detection system uses an entropy measure to detect changes in the balance of TCP handshakes. Experiment results show that our method can detect SYN flooding attacks with better accuracy and robustness than traditional stateless methods, and with manageable overhead.
Pages: 1079-1084
Page count: 6