RAID
1999
Springer

Defending against a Denial-of-Service Attack on TCP

In this paper we propose a real-time anomaly detection method for detecting TCP SYN-flooding attacks. This method is based on the intensities of SYN segments, which are measured on a network monitoring machine in real time. In the currently available solutions we note several important flaws, such as the possibility of denying access to legitimate clients and/or causing service degradation at the potential target machines; therefore we aim to minimize such unwanted effects by acting only when it is necessary to do so: during an attack. In order to force the attackers to fall in a detectable region (hence, avoid false negatives) and determine the actual level of threat we are facing, we also profit from a series of host-based measures such as tuning TCP backlog queue lengths of our servers. Experience showed that complete avoidance of false positives is not possible with this method; however, a significant decrease can be reasonably expected. Nevertheless, this requires an acceptable mod...
Pars Mutaf
Added 04 Aug 2010
Updated 04 Aug 2010
Type Conference
Year 1999
Where RAID
Authors Pars Mutaf