A real-time method for detecting internet-wide SYN flooding attacks

Authors: Lihua Miao, Wei Ding, Jian Gong

DOI: 10.1109/LANMAN.2015.7114740

Abstract: Reports show that DDoS attacks are ubiquitous on the Internet and may jeopardize networks’ stable operation. In order to understand the nature of this threat and further enable effective control and management, a whole picture of Internet-wide attacks is a necessity. Traditional methods use darknets to this end. However, with IPv4 address space exhaustion, darknets become hard to acquire. In this paper, we seek to detect attacks using a live network. In particular, we focus on the most prevalent SYN flooding attacks. First, a complete attack scenario model is introduced according to the positions of the attacker, the victim and the attacking address. Then, after discussing the features of all scenarios, an algorithm named WSAND is proposed using Netflow data. To evaluate it, the algorithm is deployed at 28 main PoPs (Points of Presence) of the China Education and Research Network (CERNET), with a total internal address space of up to 200 /16 blocks. A large quantity of attacks detected in March 2014 is discussed in detail. With the help of the detected attacks, a case study of detecting a zombie is presented.
