DocumentCode
3309519
Title
A Probabilistic Drop Scheme for Mitigating SYN Flooding Attacks
Author
Ming, Yu
Author_Institution
Sch. of Electron. & Inf. Eng., Dalian Univ. of Technol., Dalian
Volume
1
fYear
2009
fDate
25-26 April 2009
Firstpage
732
Lastpage
734
Abstract
SYN flooding has been a serious security threat to Internet. For a host server, it is necessary to take some kind of admission control in defense against SYN flooding attacks. In this paper, a probabilistic drop scheme is presented for implementation in a host server to mitigate SYN flooding attacks. An analytical model is proposed for this scheme, and a general principle for evaluating the probability of successful connection establishment during a SYN flooding attack is presented. Performance analysis results show (i) retransmission behavior of an application has positive influence on the successful establishment of its connection requests; (ii) a higher probability of connection establishment can be obtained by the probabilistic drop scheme than that by the random drop scheme when a SYN flooding attack occurs.
Keywords
Internet; probability; telecommunication congestion control; telecommunication security; Internet security; SYN flooding attacks; admission control; host server; probabilistic drop scheme; Admission control; Analytical models; Data structures; Floods; Information security; Performance analysis; Protection; Resource management; Web server; Wireless communication; DDoS mitigation; SYN flooding; host security policy; network security; performance analysis;
fLanguage
English
Publisher
ieee
Conference_Titel
Networks Security, Wireless Communications and Trusted Computing, 2009. NSWCTC '09. International Conference on
Conference_Location
Wuhan, Hubei
Print_ISBN
978-1-4244-4223-2
Type
conf
DOI
10.1109/NSWCTC.2009.26
Filename
4908367
Link To Document