Title :
A Probabilistic Drop Scheme for Mitigating SYN Flooding Attacks
Author_Institution :
Sch. of Electron. & Inf. Eng., Dalian Univ. of Technol., Dalian
Abstract :
SYN flooding has been a serious security threat to Internet. For a host server, it is necessary to take some kind of admission control in defense against SYN flooding attacks. In this paper, a probabilistic drop scheme is presented for implementation in a host server to mitigate SYN flooding attacks. An analytical model is proposed for this scheme, and a general principle for evaluating the probability of successful connection establishment during a SYN flooding attack is presented. Performance analysis results show (i) retransmission behavior of an application has positive influence on the successful establishment of its connection requests; (ii) a higher probability of connection establishment can be obtained by the probabilistic drop scheme than that by the random drop scheme when a SYN flooding attack occurs.
Keywords :
Internet; probability; telecommunication congestion control; telecommunication security; Internet security; SYN flooding attacks; admission control; host server; probabilistic drop scheme; Admission control; Analytical models; Data structures; Floods; Information security; Performance analysis; Protection; Resource management; Web server; Wireless communication; DDoS mitigation; SYN flooding; host security policy; network security; performance analysis;
Conference_Titel :
Networks Security, Wireless Communications and Trusted Computing, 2009. NSWCTC '09. International Conference on
Conference_Location :
Wuhan, Hubei
Print_ISBN :
978-1-4244-4223-2
DOI :
10.1109/NSWCTC.2009.26
