Enhancement of the Detection of the TCP SYN Flooding (DDoS) Attack

Main Article Content

Hamid M. Ali
Ibraheem K. Ibraheem
Sarah W.A. Ahmad

Abstract

The major of DDoS attacks use TCP protocol and the TCP SYN flooding attack is the most common one among them. The SYN Cookie mechanism is used to defend against the TCP SYN flooding attack. It is an effective defense, but it has a disadvantage of high calculations and it doesn’t differentiate spoofed packets from legitimate packets. Therefore, filtering the spoofed packet can effectively enhance the SYN Cookie activity. Hop Count Filtering (HCF) is another mechanism used at the server side to filter spoofed packets. This mechanism has a drawback of being not a perfect and final solution in defending against the TCP SYN flooding attack. An enhanced mechanism of Integrating and combining the SYN Cookie with Hop Count Filtering (HCF) mechanism is proposed to protect the server from TCP SYN flooding. The results show that the defense against SYN flood DDoS attack is enhanced, since the availability of legitimate packets is increased and the time of SYN Cookie activity is delayed.

Article Details

Section

Articles

How to Cite

“Enhancement of the Detection of the TCP SYN Flooding (DDoS) Attack ” (2013) Journal of Engineering, 19(06), pp. 786–794. doi:10.31026/j.eng.2013.06.10.

References

B. R. Swain, “Mitigation of DDoS Attack using a Probabilistic Approach & End System based Strategy”, M.Sc. thesis, at National Institute of Technology, India, May 2009.

C. Jin, H. Wang, K. G. Shin “Hop-Count Filtering: An Effective Defense against Spoofed DDoS Traffic”, ACM, Washington, USA, October 27–30, 2003.

D. Mohamed, “Defense against Distributed Denial of Service Attacks in Computer Networks”, Ph.D thesis, at Graduate School of Information Sciences Tohoku University, March 2010.

J. F. Kurose, K. W. Ross, “Computer Networking a Top-Down Approach”, Fourth Edition, Pearson Education international, 2008.

Mohan H.S, A R. Reddy, “An Effective Defense against Distributed Denial of Service in Grid”, First International Conference on Integrated Intelligent Computing IEEE 2010.

Q. Gu, P. Liu, “Denial of Service Attacks”, June 2007, http://s2.ist.psu.edu/paper/DDoS-ChapGu-June-07.pdf .

V. Praveena, N. Kiruthika, “New Mitigating Technique to Overcome DDOS Attack”, World Academy of Science, Engineering and Technology 45 2008.

Z. Duany, X. Yuan, J. Chandrashekar, “Controlling IP Spoofng based DDoS Attacks Through Inter-Domain Packet Filters”, Proc. IEEE INFOCOM 2006.

Similar Articles

You may also start an advanced similarity search for this article.