Sciweavers

RAID
1999
Springer

Defending against a Denial-of-Service Attack on TCP

14 years 4 months ago
Defending against a Denial-of-Service Attack on TCP
In this paper we propose a real-time anomaly detection method for detecting TCP SYN-flooding attacks. This method is based on the intensities of SYN segments which are measured on a network monitoring machine, in realtime. In the currently available solutions we note several important flaws such as the possibility of denying access to legitimate clients and/or causing service degradation at the potential target machines, therefore we aim to minimize such unwanted effects by acting only when it is necessary to do so: during an attack. In order to force the attackers to fall in a detectable region (hence, avoid false negatives) and determine the actual level of threat we are facing we also profit from a series of host based measures such as tuning TCP backlog queue lengths of our servers. Experience showed that complete avoidance from false positives is not possible with this method, however a significant decrease can be reasonably expected. Nevertheless, this requires an acceptable mod...
Pars Mutaf
Added 04 Aug 2010
Updated 04 Aug 2010
Type Conference
Year 1999
Where RAID
Authors Pars Mutaf
Comments (0)