DocumentCode :
3037053
Title :
A Comparison of SYN Flood Detection Algorithms
Author :
Beaumont-Gay, Matt
Author_Institution :
UCLA Comput. Sci., Los Angeles
fYear :
2007
fDate :
1-5 July 2007
Firstpage :
9
Lastpage :
9
Abstract :
The problem of detecting distributed denial of service (DDoS) attacks, and particularly SYN flood attacks, has received much attention in current literature. A variety of algorithms for detecting such attacks have been published. Researchers have tested their own algorithms using traces containing real or synthetic attacks, and have reported good results based on those tests. However, the traces used and parameters of the attacks seen or generated vary greatly between published works. This paper compares three published SYN flood detection algorithms using traces collected from the UCLA Computer Science Department network and synthetic attacks in an Emulab network. The algorithms vary significantly in the speed at which they detect the start and end of attacks, their false positive and false negative rates, the types of non-DDoS activity they detect, and other properties. Their qualitative strengths and weaknesses are discussed, and suggestions are made for enhancements.
Keywords :
security of data; Emulab network; SYN flood detection algorithms; distributed denial of service attacks; false negative rates; real attacks; synthetic attacks; Bandwidth; Change detection algorithms; Computer crime; Computer science; Detection algorithms; Floods; Network servers; Random variables; Telecommunication traffic; Testing;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Internet Monitoring and Protection, 2007. ICIMP 2007. Second International Conference on
Conference_Location :
San Jose, CA
Print_ISBN :
0-7695-2911-9
Electronic_ISBN :
0-7695-2911-9
Type :
conf
DOI :
10.1109/ICIMP.2007.1
Filename :
4271755