http://dx.doi.org/10.4218/etrij.2018-0382

A SYN flooding attack detection approach with hierarchical policies based on self-information  

Sun, Jia-Rong (Department of Computer Science and Information Engineering, Asia University)
Huang, Chin-Tser (Department of Computer Science and Engineering, University of South Carolina)
Hwang, Min-Shiang (Department of Computer Science and Information Engineering, Asia University)
Publication Information
ETRI Journal / v.44, no.2, 2022, pp. 346-354
Abstract
The SYN flooding attack is widely used in cyber attacks because it paralyzes the network by exhausting system and bandwidth resources. This paper proposes a self-information approach for detecting the SYN flooding attack and provides a detection algorithm with a hierarchical policy on the detection time domain. Compared with other detection methods based on entropy measurement, the proposed approach is more efficient in detecting the SYN flooding attack, providing low misjudgment, a hierarchical detection policy, and low time complexity. Furthermore, we propose a detection algorithm that works with limited system resources. Thus, the time complexity of our approach is only O(log n), with a lower time complexity and misjudgment rate than other approaches. Therefore, the approach can detect denial-of-service/distributed denial-of-service attacks and prevent SYN flooding attacks.
Keywords
denial-of-service (DoS) attack; self-information; SYN flooding attack;
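Illustrative example, added here and not the paper's algorithm or code: per-second SYN counts are scored by their self-information against a baseline model, and a two-level time-domain policy is one possumed reading of the hierarchical policy the abstract describes. The traffic counts, the Poisson baseline, the threshold margin and the block size are all assumptions.

```python
import math

# Constructed per-second SYN arrival counts (illustrative values, not measured data):
# a normal training period, and a monitored period with a burst in seconds 3-6.
BASELINE_SYN_PER_SEC = [12, 9, 11, 10, 13, 8, 12, 10, 11, 9, 10, 12]
MONITORED_SYN_PER_SEC = [11, 10, 12, 58, 73, 81, 77, 12, 10, 11]


def self_information(k, lam):
    """I(k) = -log2 P(X = k) in bits for X ~ Poisson(lam) (assumed baseline model).
    A count the baseline considers unlikely carries high self-information ("surprise");
    lgamma supplies ln(k!) without overflowing on flood-sized counts."""
    ln_p = -lam + k * math.log(lam) - math.lgamma(k + 1)
    return -ln_p / math.log(2)


def blocks(counts, size):
    """Split consecutive windows into coarser blocks; the last block may be shorter."""
    return [counts[i:i + size] for i in range(0, len(counts), size)]


def fit_level(baseline_windows, margin_bits=2.0):
    """Fit the Poisson rate for one time scale and place the alarm threshold
    margin_bits above the most surprising value seen in normal traffic."""
    lam = sum(baseline_windows) / len(baseline_windows)
    worst = max(self_information(k, lam) for k in baseline_windows)
    return lam, worst + margin_bits


def detect(monitored, baseline, coarse=4):
    """Two-level time-domain policy (our assumed reading of 'hierarchical policy'):
    level 1 scores every 1-second window, level 2 scores blocks of `coarse` seconds.
    A second is reported only when it is surprising on its own AND its enclosing
    block is surprising at the coarser scale. Returns the indices of such seconds."""
    lam_fine, thr_fine = fit_level(baseline)
    lam_coarse, thr_coarse = fit_level([sum(b) for b in blocks(baseline, coarse)])
    confirmed = []
    for b_idx, block in enumerate(blocks(monitored, coarse)):
        lam_block = lam_coarse * len(block) / coarse  # rescale for a short last block
        if self_information(sum(block), lam_block) <= thr_coarse:
            continue
        for j, k in enumerate(block):
            if self_information(k, lam_fine) > thr_fine:
                confirmed.append(b_idx * coarse + j)
    return confirmed


if __name__ == "__main__":
    print("attack seconds:", detect(MONITORED_SYN_PER_SEC, BASELINE_SYN_PER_SEC))
```

Per-window scoring is a constant-time arithmetic step, and the baseline fit is a single pass over the training counts; the paper's own complexity claim refers to its algorithm, not to this sketch.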