Detecting SYN Flooding Attacks Near Innocent Side
作者: Yanxiang He , Wei Chen , Bin Xiao
DOI: 10.1007/11599463_44
关键词: SYN flood 、 Computer science 、 Computer network 、 Server 、 Bloom filter 、 The Internet 、 Internet Protocol 、 Transmission Control Protocol 、 Spoofing attack 、 Computer security 、 Denial-of-service attack
摘要: Distributed Denial-of-Service (DDoS) attacks seriously threat the servers in Internet. Most of current research is focused on detection and prevention methods at victim side or source side. However, defense innocent side, whose IP used as spoofed by attacker, always ignored. In this paper, a novel method has been proposed. Our scheme gives accurate results using little storage computation resource. From result experiments, approach presented paper yields DDoS.
springer.com
core.ac.uk
springerlink.com参考文章(9)
Geoffrey M. Voelker, Stefan Savage, David Moore, Inferring internet denial-of-service activity usenix security symposium. pp. 2- 2 ,(2001)
R.K.C. Chang, Defending against flooding-based distributed denial-of-service attacks: a tutorial IEEE Communications Magazine. ,vol. 40, pp. 42- 51 ,(2002) , 10.1109/MCOM.2002.1039856
Alex C. Snoeren, Hash-based IP traceback Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications - SIGCOMM '01. ,vol. 31, pp. 3- 14 ,(2001) , 10.1145/383059.383060
Burton H. Bloom, Space/time trade-offs in hash coding with allowable errors Communications of the ACM. ,vol. 13, pp. 422- 426 ,(1970) , 10.1145/362686.362692
Haining Wang, Danlu Zhang, Kang G. Shin, Detecting SYN flooding attacks international conference on computer communications. ,vol. 3, pp. 1530- 1539 ,(2002) , 10.1109/INFCOM.2002.1019404
C.L. Schuba, I.V. Krsul, M.G. Kuhn, E.H. Spafford, A. Sundaram, D. Zamboni, Analysis of a denial of service attack on TCP ieee symposium on security and privacy. pp. 208- 223 ,(1997) , 10.1109/SECPRI.1997.601338
Eric YK Chan, HW Chan, KM Chan, Vivien PS Chan, Samuel T Chanson, Matthew MH Cheung, CF Chong, Kam-Pui Chow, Albert KT Hui, Lucas Chi Kwong Hui, Luke CK Lam, WC Lau, Kevin KH Pun, Anthony YF Tsang, Wai Wan Tsang, Sam CW Tso, Dit-Yan Yeung, Kwun Yin Yu, IDR: an intrusion detection router for defending against distributed denial-of-service (DDoS) attacks international symposium on parallel architectures algorithms and networks. pp. 581- 586 ,(2004) , 10.1109/ISPAN.2004.1300541
S. Abdelsayed, D. Glimsholt, C. Leckie, S. Ryan, S. Shami, An efficient filter for denial-of-service bandwidth attacks global communications conference. ,vol. 3, pp. 1353- 1357 ,(2003) , 10.1109/GLOCOM.2003.1258459
Cristian Estan, Ken Keys, David Moore, George Varghese, Building a better NetFlow Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications - SIGCOMM '04. ,vol. 34, pp. 245- 256 ,(2004) , 10.1145/1015467.1015495