http://dx.doi.org/10.13089/JKIISC.2011.21.2.119

Implementation of High Performance TCP Proxy Logic against TCP Flooding Attack on Network Interface Card  

Kim, Byoung-Koo (Sungkyunkwan University)
Kim, Ik-Kyun (ETRI)
Kim, Dae-Won (ETRI)
Oh, Jin-Tae (ETRI)
Jang, Jong-Soo (ETRI)
Chung, Tai-Myoung (Sungkyunkwan University)
Abstract
TCP-related flooding attacks still dominate distributed denial-of-service (DDoS) attacks. Accurately detecting TCP flood attacks in high-speed networks is a great challenge. In this paper, we propose an implementation of NIC_Cookie logic, a kind of security offload engine against TCP-related DDoS attacks, on a network interface card. NIC_Cookie is itself robust against DDoS attacks, and it is independent of the server OS and the external network configuration. It supports a packet-level response rather than an IP-based response method, so it can handle attacks from NAT-based user groups. We evaluate the latency of the NIC_Cookie logic to be $7{\times}10^{-6}$ seconds, and we show 2 Gbps wire-speed performance through a benchmark test.
Keywords
DDoS attack; NIC_Cookie; TCP Proxy;