A SYN flooding attack detection approach with hierarchical policies based on self-information

  • Sun, Jia-Rong (Department of Computer Science and Information Engineering, Asia University) ;
  • Huang, Chin-Tser (Department of Computer Science and Engineering, University of South Carolina) ;
  • Hwang, Min-Shiang (Department of Computer Science and Information Engineering, Asia University)
  • Received : 2018.08.19
  • Accepted : 2021.07.16
  • Published : 2022.04.10

Abstract

The SYN flooding attack is widely used in cyber attacks because it paralyzes the network by exhausting the system and bandwidth resources. This paper proposes a self-information approach for detecting the SYN flooding attack and provides a detection algorithm with a hierarchical policy over the detection time domain. Compared with other entropy-measurement detection methods, the proposed approach detects the SYN flooding attack more efficiently, offering a low misjudgment rate, a hierarchical detection policy, and low time complexity. Furthermore, we propose a detection algorithm that operates under limited system resources. Thus, the time complexity of our approach is only O(log n), with lower time complexity and misjudgment rate than other approaches. Therefore, the approach can detect denial-of-service/distributed denial-of-service attacks and prevent SYN flooding attacks.
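The abstract describes the idea only. The Python example below is written for this page and is not the authors' code or algorithm: it shows how a self-information measure over TCP flags (the surprise, in bits, of seeing a bare SYN among the packets of a window) can drive a two-level detection policy that first scans coarse time windows and only then drills into fine sub-windows to localize the burst. The flag encoding, window widths, the 2-bit threshold and the traffic sample are all constructed assumptions; the page gives none of these values, and this linear scan makes no claim about the O(log n) bound the paper reports.

```python
import math
from typing import List, Tuple

# Constructed packet representation (assumption): (timestamp in seconds, TCP flag string)
# using tcpdump-style letters, e.g. "S" = SYN, "SA" = SYN+ACK, "A" = ACK, "PA" = PSH+ACK.
Packet = Tuple[float, str]


def self_information(p: float) -> float:
    """Shannon self-information -log2(p) in bits; infinite for an impossible event."""
    if p <= 0.0:
        return math.inf
    return -math.log2(p)


def is_bare_syn(flags: str) -> bool:
    """A SYN without ACK is a connection attempt; in a flood these dominate the mix."""
    return "S" in flags and "A" not in flags


def syn_self_information(packets: List[Packet]) -> float:
    """Self-information of the event 'a packet in this window is a bare SYN'.

    Normal traffic: SYNs are a small fraction of packets, so the event is
    surprising (several bits). A flood pushes the fraction toward 1 and the
    self-information toward 0 bits.
    """
    total = len(packets)
    if total == 0:
        return math.inf  # no evidence; caller treats an empty window as benign
    syns = sum(1 for _, flags in packets if is_bare_syn(flags))
    return self_information(syns / total)


def window(packets: List[Packet], start: float, width: float) -> List[Packet]:
    """Packets with start <= timestamp < start + width."""
    return [p for p in packets if start <= p[0] < start + width]


def detect(packets: List[Packet], coarse: float = 10.0, fine: float = 1.0,
           threshold_bits: float = 2.0) -> List[Tuple[float, float, int, float]]:
    """Two-level policy (our interpretation of a hierarchical time-domain policy).

    A coarse window is suspicious when the self-information of a bare SYN drops
    below threshold_bits; 2.0 bits means bare SYNs exceed a quarter of packets,
    an assumed tuning value. Only suspicious coarse windows are split into fine
    sub-windows, each reported as (start, end, syn_count, bits) when it too trips.
    """
    if not packets:
        return []
    t_start = min(ts for ts, _ in packets)
    t_end = max(ts for ts, _ in packets)
    alerts: List[Tuple[float, float, int, float]] = []
    t = t_start
    while t <= t_end:
        coarse_pkts = window(packets, t, coarse)
        if coarse_pkts and syn_self_information(coarse_pkts) < threshold_bits:
            s = t
            while s < t + coarse:
                fine_pkts = window(packets, s, fine)
                bits = syn_self_information(fine_pkts)
                if fine_pkts and bits < threshold_bits:
                    syns = sum(1 for _, f in fine_pkts if is_bare_syn(f))
                    alerts.append((s, s + fine, syns, bits))
                s += fine
        t += coarse
    return alerts


def build_sample_traffic() -> List[Packet]:
    """Constructed sample: 20 s of benign traffic (10 packets/s, one bare SYN per
    second) with 50 extra bare SYNs per second injected during seconds 12-14."""
    benign = ["S", "SA", "A", "PA", "PA", "PA", "PA", "PA", "PA", "PA"]
    packets: List[Packet] = []
    for sec in range(20):
        for i, flags in enumerate(benign):
            packets.append((sec + i * 0.01, flags))
        if 12 <= sec <= 14:
            for j in range(50):
                packets.append((sec + 0.5 + j * 0.001, "S"))
    return packets


if __name__ == "__main__":
    for start, end, syns, bits in detect(build_sample_traffic()):
        print(f"[{start:5.1f}, {end:5.1f}) bare SYNs={syns:3d} self-information={bits:.2f} bits")
```

In the constructed sample the first coarse window stays at about 3.32 bits (one SYN in ten packets), while the second drops to roughly 0.64 bits and is refined; only the three flooded seconds fall below the threshold at fine granularity. In practice the threshold should be learned from a baseline of the monitored link rather than fixed as here.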

Acknowledgement

The Ministry of Science and Technology, Taiwan (ROC), partially supported this research under contract nos. MOST 109-2221-E-468-011-MY3, MOST 108-2410-H-468-023, and MOST 108-2622-8-468-001-TM1. The authors also gratefully acknowledge the helpful comments and suggestions of the reviewers, which have improved the presentation.
