Enhancement of the Detection of the TCP SYN Flooding (DDoS) Attack

Article Sidebar

download
Published: Jun 1, 2013
DOI: https://doi.org/10.31026/j.eng.2013.06.10
Keywords:
DDoS attack, TCP SYN flooding attack, spoofed packets, SYN Cookie mechanism, HCF mechanism

Main Article Content

Hamid M. Ali
Ibraheem K. Ibraheem
Sarah W.A. Ahmad

Abstract

The major of DDoS attacks use TCP protocol and the TCP SYN flooding attack is the most common one among them. The SYN Cookie mechanism is used to defend against the TCP SYN flooding attack. It is an effective defense, but it has a disadvantage of high calculations and it doesn’t differentiate spoofed packets from legitimate packets. Therefore, filtering the spoofed packet can effectively enhance the SYN Cookie activity. Hop Count Filtering (HCF) is another mechanism used at the server side to filter spoofed packets. This mechanism has a drawback of being not a perfect and final solution in defending against the TCP SYN flooding attack. An enhanced mechanism of Integrating and combining the SYN Cookie with Hop Count Filtering (HCF) mechanism is proposed to protect the server from TCP SYN flooding. The results show that the defense against SYN flood DDoS attack is enhanced, since the availability of legitimate packets is increased and the time of SYN Cookie activity is delayed.

Article Details

How to Cite
“Enhancement of the Detection of the TCP SYN Flooding (DDoS) Attack ” (2013) Journal of Engineering, 19(06), pp. 786–794. doi:10.31026/j.eng.2013.06.10.
Issue
Vol. 19 No. 06 (2013): Journal of Engineering
Section
Articles
Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

 
 

How to Cite

“Enhancement of the Detection of the TCP SYN Flooding (DDoS) Attack ” (2013) Journal of Engineering, 19(06), pp. 786–794. doi:10.31026/j.eng.2013.06.10.
Crossref
Scopus
Google Scholar
Europe PMC

Publication Dates

References

B. R. Swain, “Mitigation of DDoS Attack using a Probabilistic Approach & End System based Strategy”, M.Sc. thesis, at National Institute of Technology, India, May 2009.

C. Jin, H. Wang, K. G. Shin “Hop-Count Filtering: An Effective Defense against Spoofed DDoS Traffic”, ACM, Washington, USA, October 27–30, 2003.

D. Mohamed, “Defense against Distributed Denial of Service Attacks in Computer Networks”, Ph.D thesis, at Graduate School of Information Sciences Tohoku University, March 2010.

J. F. Kurose, K. W. Ross, “Computer Networking a Top-Down Approach”, Fourth Edition, Pearson Education international, 2008.

Mohan H.S, A R. Reddy, “An Effective Defense against Distributed Denial of Service in Grid”, First International Conference on Integrated Intelligent Computing IEEE 2010.

Q. Gu, P. Liu, “Denial of Service Attacks”, June 2007, http://s2.ist.psu.edu/paper/DDoS-ChapGu-June-07.pdf .

V. Praveena, N. Kiruthika, “New Mitigating Technique to Overcome DDOS Attack”, World Academy of Science, Engineering and Technology 45 2008.

Z. Duany, X. Yuan, J. Chandrashekar, “Controlling IP Spoofng based DDoS Attacks Through Inter-Domain Packet Filters”, Proc. IEEE INFOCOM 2006.

Similar Articles

You may also start an advanced similarity search for this article.