TY - GEN
T1 - An effective approach to detect ddos attack
AU - Manoj, R.
AU - Tripti, C.
N1 - Publisher Copyright:
© Springer-Verlag Berlin Heidelberg 2013.
Copyright:
Copyright 2019 Elsevier B.V., All rights reserved.
PY - 2013
Y1 - 2013
AB - A TCP connection is a connection-oriented, reliable service. It uses a 3-way handshake process to establish the connection. Distributed Denial of Service (DDoS) has emerged as one of the major threats to network security, as evident from a series of attacks that shut down some of the most popular websites. This attack prevents legitimate users from accessing regular internet services by exhausting the victim’s resources, and the TCP SYN flooding attack is the most common type of DDoS attack. TCP SYN flooding exploits TCP’s 3-way handshake mechanism and its limitation in maintaining half-open connections. The SYN flooding attack is very hard to detect, because it is difficult to distinguish between legitimate SYN packets and attack SYN packets at the victim’s server. This paper concentrates on the different IP spoofing techniques, such as random spoofed source address, subnet spoofed source address and fixed spoofed source address, and on the schemes to detect the DDoS attack. The different schemes are SYN-dog, SYN-cache and SYN-cookies. These schemes are effective only up to a particular extent. This paper concentrates more on a newly proposed scheme, a router-based scheme that uses the Counting Bloom Filter algorithm and the CUSUM algorithm. The new scheme is highly sensitive and always requires a shorter time for the detection of both low-intensity and high-intensity attacks.
UR - http://www.scopus.com/inward/record.url?scp=84893826028&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84893826028&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-31600-5_33
DO - 10.1007/978-3-642-31600-5_33
M3 - Conference contribution
AN - SCOPUS:84893826028
SN - 9783642315992
T3 - Advances in Intelligent Systems and Computing
SP - 339
EP - 345
BT - Advances in Computing and Information Technology- Proceedings of the 2nd International Conference on Advances in Computing and Information Technology, ACITY 2012- Volume 3
A2 - Meghanathan, Natarajan
A2 - Chaki, Nabendu
A2 - Nagamalai, Dhinaharan
PB - Springer Verlag
T2 - 2nd International Conference on Advances in Computing and Information Technology, ACITY 2012
Y2 - 13 July 2012 through 15 July 2012
ER -