Packet analysis using packet filtering and traffic monitoring techniques

Author

Haris, H. S C ; Ahmad, R.B. ; Ghani, M.A.H.A. ; Waleed, Ghossoon M.

Author_Institution

Sch. of Comput. & Commun. Eng., Univ. Malaysia Perlis, Kangar, Malaysia

fYear

2010

fDate

5-8 Dec. 2010

Firstpage

271

Lastpage

275

Abstract

Malicious attackers intended to annihilate the availability of network server with threats such as Transmission Control Protocol (TCP) Synchronized (SYN) Flood. The attackers usually make the server exhausted and unavailable in order to complete the TCP three-way handshake mechanism. Detecting TCP SYN Flood in the Hypertext Transfer Protocol (HTTP) is the main problem in this paper. Anomaly detection is used to detect TCP SYN flood attack focusing in payload and unusable area. The unusual three-way handshake mechanism is also being analyzed. The results show that the proposed detection method using the combination of packet filtering and traffic monitoring can detect TCP SYN Flood in the network.

Keywords

computer network security; network servers; telecommunication traffic; transport protocols; TCP three-way handshake mechanism; hypertext transfer protocol; malicious attackers; network server; packet analysis; packet filtering; traffic monitoring techniques; transmission control protocol synchronized flood attack; Filtering; Floods; IP networks; Monitoring; Payloads; Protocols; Servers; HTTP; IP; Packet Filtering; TCP SYN Flood; Traffic Monitoring;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Applications and Industrial Electronics (ICCAIE), 2010 International Conference on

Conference_Location

Kuala Lumpur

Print_ISBN

978-1-4244-9054-7

Type

conf

DOI

10.1109/ICCAIE.2010.5735088

Filename

5735088