Abstract
TCP is a connection-oriented, reliable service that uses a 3-way handshake to establish a connection. Distributed Denial of Service (DDoS) has emerged as one of the major threats to network security, as is evident from a series of attacks that shut down some of the most popular websites. This attack prevents legitimate users from accessing regular internet services by exhausting the victim's resources, and the TCP SYN flooding attack is the most common type of DDoS attack. TCP SYN flooding exploits TCP's 3-way handshake mechanism and its limitation in maintaining half-open connections. The SYN flooding attack is very hard to detect because it is difficult to distinguish between legitimate SYN packets and attack SYN packets at the victim's server. This paper covers the different IP spoofing techniques (random spoofed source address, subnet spoofed source address, and fixed spoofed source address) and the schemes used to detect the DDoS attack: SYN-dog, SYN-cache, and SYN-cookies. These schemes are effective only up to a particular extent. The paper concentrates more on a newly proposed router-based scheme that uses the Counting Bloom Filter algorithm and the CUSUM algorithm. The new scheme is highly sensitive and always requires a shorter time to detect both low-intensity and high-intensity attacks.
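The abstract names the two building blocks of the router-based scheme without giving its details, so the following is an added example, not the paper's algorithm: a counting Bloom filter pairs each SYN with the ACK that completes its handshake, and a non-parametric CUSUM accumulates the share of handshakes left half-open per interval. The event tuples, the key format, the per-interval filter reset, and the parameters `m`, `k`, `a` and `h` are assumptions, and the traffic is constructed sample data.

```python
import hashlib

class CountingBloom:
    """Bloom filter with counters instead of bits, so entries can be removed."""
    def __init__(self, m=4096, k=4):
        self.m, self.k, self.cells = m, k, [0] * m

    def _slots(self, key):
        d = hashlib.sha256(key.encode()).digest()
        # k indexes from one digest; de-duplicated so add/remove stay symmetric
        return {int.from_bytes(d[4*i:4*i+4], "big") % self.m for i in range(self.k)}

    def add(self, key):
        for s in self._slots(key):
            self.cells[s] += 1

    def remove(self, key):
        slots = self._slots(key)
        if any(self.cells[s] == 0 for s in slots):
            return False              # no matching SYN was recorded
        for s in slots:
            self.cells[s] -= 1
        return True

def interval(legit, spoofed, tag):
    """Constructed sample traffic for one interval: legit clients finish the handshake."""
    ev = []
    for i in range(legit):
        ev += [("SYN", f"10.0.0.{i}:4000", "srv:80"), ("ACK", f"10.0.0.{i}:4000", "srv:80")]
    return ev + [("SYN", f"spoofed-{tag}-{i}", "srv:80") for i in range(spoofed)]

def detect(intervals, a=0.35, h=1.0):
    """Return the index of the first interval whose CUSUM value exceeds h, else None."""
    y = 0.0
    for n, events in enumerate(intervals):
        cbf, syns, done = CountingBloom(), 0, 0   # assumption: filter reset every interval
        for flag, src, dst in events:
            if flag == "SYN":
                cbf.add(f"{src}>{dst}")
                syns += 1
            elif flag == "ACK" and cbf.remove(f"{src}>{dst}"):
                done += 1
        x = (syns - done) / max(syns, 1)          # share of handshakes left half-open
        y = max(0.0, y + x - a)                   # non-parametric CUSUM update
        if y > h:
            return n
    return None

baseline = [interval(20, 0, n) for n in range(5)]  # five clean intervals
```

Because CUSUM accumulates the excess over `a`, a flood that adds only as many spoofed SYNs as there are legitimate ones still raises the alarm, just several intervals later than a heavy flood does.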
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Manoj, R., Tripti, C. (2013). An Effective Approach to Detect DDos Attack. In: Meghanathan, N., Nagamalai, D., Chaki, N. (eds) Advances in Computing and Information Technology. Advances in Intelligent Systems and Computing, vol 178. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31600-5_33
DOI: https://doi.org/10.1007/978-3-642-31600-5_33
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31599-2
Online ISBN: 978-3-642-31600-5
eBook Packages: Engineering, Engineering (R0)