Title :
A novel SYN Cookie method for TCP layer DDoS attack
Author :
Bo Hang ; Hu, Ruimin
Author_Institution :
Math. & Comput. Sci. Coll., Xiangfan Univ., Xiangfan, China
Abstract :
With the development of network, the issues of network security are rapidly becoming a serious problem, and the Denial of Service (DoS) attack has already become the greatest threat to the network. SYN Flood attack is one of the most common distributed denial of service attack way (DDoS). This paper presents an improved SYN Cookie method, designing a novel attack detector processing and a enhanced attack respondor with a new cookie verification algorithm and changing the definition of cookie field, to reduce algorithm complexity with the ensurance of security. The experiment results show that the proposed method provided an average computational complexity reduction of 30% compared with the traditional method. The new method can be an effective defense against the TCP SYN Flood attack with a lower complexity.
Keywords :
computer network security; transport protocols; SYN Cookie method; TCP layer DDoS attack; attack detector processing; cookie verification algorithm; distributed denial of service attack; network security; Biomedical engineering; Computer crime; Computer networks; Computer science; Educational institutions; Floods; Large-scale systems; Mathematics; Network servers; Protocols; DDoS; SYN Cookie; SYN Flood;
Conference_Titel :
BioMedical Information Engineering, 2009. FBIE 2009. International Conference on Future
Conference_Location :
Sanya
Print_ISBN :
978-1-4244-4690-2
Electronic_ISBN :
978-1-4244-4692-6
DOI :
10.1109/FBIE.2009.5405818
