Title :
Detection of SYN flooding attacks using generalized autoregressive conditional heteroskedasticity (GARCH) modeling technique
Author :
Ranjan, Nikhil ; Murthy, Hema A. ; Gonsalves, Timothy A.
Author_Institution :
Dept. of Comput. Sci. & Eng., Indian Inst. of Technol. Madras, Chennai, India
Abstract :
This paper explores a fast and effective method to detect TCP SYN flooding attack. The Generalized autoregressive conditional heteroskedastic (GARCH) model which is the most commonly used statistical modeling technique for financial time series is proposed as a new technique for Denial of service attack detection. The exponential backoff and retransmission property of TCP during timeouts is exploited in the detection mechanism. We are able to detect low as well as high intensity SYN flooding attacks by modeling the difference between SYN and SYN+ACK packets using GARCH. Our studies show that this non linear volatility model performs better than earlier models like Linear Prediction.
Keywords :
autoregressive processes; regression analysis; security of data; transport protocols; SYN flooding attack detection; SYN+ACK packets; TCP SYN flooding attack detection; denial of service attack detection; exponential backoff; generalized autoregressive conditional heteroskedasticity modeling; nonlinear volatility model; retransmission property; statistical modeling technique; Computer crime; Computer science; Context modeling; Floods; Network servers; Paper technology; Predictive models; TCPIP; Telecommunication traffic; Traffic control; GARCH; Heteroskedasticity; TCP SYN flooding;
Conference_Titel :
Communications (NCC), 2010 National Conference on
Conference_Location :
Chennai
Print_ISBN :
978-1-4244-6383-1
DOI :
10.1109/NCC.2010.5430151
