DocumentCode :
2027666
Title :
SYN-dog: sniffing SYN flooding sources
Author :
Wang, Haining ; Zhang, Danlu ; Shin, Kang G.
Author_Institution :
Real-Time Comput. Lab., Michigan Univ., Ann Arbor, MI, USA
fYear :
2002
fDate :
2002
Firstpage :
421
Lastpage :
428
Abstract :
Presents a simple and robust mechanism called SYN-dog to sniff SYN flooding sources. We install SYN-dog as a software agent at leaf routers that connect stub networks to the Internet. The statelessness and low computation overhead of SYN-dog make it immune to any flooding attacks. The core mechanism of SYN-dog is based on the protocol behavior of TCP SYN-SYN/ACK pairs, and is an instance of sequential change detection. To make SYN-dog insensitive to site and access patterns, a non-parametric cumulative sum (CUSUM) method is applied, thus making SYN-dog much more generally applicable and its deployment much easier. Due to its proximity to the flooding sources, SYN-dog can trace the flooding sources without resorting to expensive IP traceback.
Keywords :
Internet; client-server systems; security of data; software agents; statistical analysis; telecommunication network routing; telecommunication security; transport protocols; CUSUM method; Internet; SYN flooding sources; SYN-dog; flooding attacks; leaf routers; low computation overhead; nonparametric cumulative sum; protocol behavior; sequential change detection; software agent; statelessness; stub networks; Access protocols; Availability; Computer crime; Floods; IP networks; Internet; Laboratories; Robustness; Software agents; TCPIP;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Distributed Computing Systems, 2002. Proceedings. 22nd International Conference on
ISSN :
1063-6927
Print_ISBN :
0-7695-1585-1
Type :
conf
DOI :
10.1109/ICDCS.2002.1022280
Filename :
1022280