DocumentCode
2290921
Title
DiDDeM: a system for early detection of TCP SYN flood attacks
Author
Haggerty, J. ; Berry, T. ; Shi, Q. ; Merabti, M.
Author_Institution
Sch. of Comput. & Math. Sci., Liverpool John Moores Univ., UK
Volume
4
fYear
2004
fDate
29 Nov.-3 Dec. 2004
Firstpage
2037
Abstract
This paper presents the distributed denial-of-service detection mechanism (DiDDeM) system for early detection of denial-of-service attacks. The design requirements of the system are posited to demonstrate the requirements for an early detection system. An overview of the system is presented to show how these requirements are met. DiDDeM provides a two-tier detection approach. First, pre-filters (PFs) filter traffic for possible attacks. This is achieved through the application of both stateful and stateless signatures utilising routing congestion algorithms. Second, command and control (C2) servers provide intra- and inter-domain co-operation and response to contain an attack within the routing infrastructure. The results for stateful and stateless signature detection of TCP SYN flood attacks are presented.
Keywords
routing protocols; telecommunication congestion control; telecommunication security; transport protocols; DiDDeM; TCP SYN flood attacks; command and control servers; denial-of-service attacks; distributed denial-of-service detection mechanism; flood attack early detection system; inter-domain cooperation; intra-domain cooperation; routing congestion algorithms; stateful signature detection; stateless signature detection; traffic pre-filtering; Command and control systems; Computer crime; Counting circuits; Distributed computing; Floods; Intrusion detection; Monitoring; Routing; Telecommunication traffic; Traffic control;
fLanguage
English
Publisher
ieee
Conference_Titel
Global Telecommunications Conference, 2004. GLOBECOM '04. IEEE
Print_ISBN
0-7803-8794-5
Type
conf
DOI
10.1109/GLOCOM.2004.1378370
Filename
1378370