Title :
Study on the prevention of SYN flooding by using traffic policing
Author_Institution :
Nat. Central Police Univ., Tao-Yuan Hsieng, Taiwan
fDate :
6/22/1905 12:00:00 AM
Abstract :
In this paper, the usage parameter control (UPC) mechanisms, adopted in asynchronous transfer mode (ATM) networks, are applied to prevent the network server from SYN flooding attack. The basic idea of the proposed scheme is to consider the server being congested during SYN flooding attack, and the UPC is used as a traffic control mechanism to regulate a great number of arrival SYN packets so that the server can be prevented from denial of services (DoS). Both the sliding window and leaky bucket mechanisms are studied to examine the defense effectiveness. Parameters of the sliding window and leaky bucket are determined according to the abort time, buffer status of the server, and the predicted packet arrival rate. This method provides an alternative concept on security management of network servers. The experimental results also show that the proposed method can effectively prevent the server from SYN flooding attack
Keywords :
asynchronous transfer mode; computer network management; network servers; telecommunication congestion control; telecommunication security; telecommunication traffic; ATM networks; DoS; SYN flooding attack; UPC; abort time; asynchronous transfer mode; buffer status; denial of services; leaky bucket; network server; packet arrival rate; security management; server congestion; sliding window; traffic control mechanism; traffic policing; usage parameter control; Asynchronous transfer mode; Computer crime; Cryptography; Floods; IP networks; Information management; Internet; Network servers; Protection; Web server;
Conference_Titel :
Network Operations and Management Symposium, 2000. NOMS 2000. 2000 IEEE/IFIP
Conference_Location :
Honolulu, HI
Print_ISBN :
0-7803-5928-3
DOI :
10.1109/NOMS.2000.830416
