A collaborative defense mechanism against SYN flooding attacks in IP networks

Journal of Network and Computer Applications

Volumn 31, Issue 4, 2008, Pages 509-534

  Safa, Haidar ^a   Chouman, Mohamad ^a   Artail, Hassan ^a   Karam, Marcel ^a  

^a AMERICAN UNIVERSITY OF BEIRUT   (Lebanon)

Author keywords

Denial of Service; IP spoofing; Network security; SYN flooding

Indexed keywords

COMMUNICATION; LAW ENFORCEMENT; LAWS AND LEGISLATION; MECHANISMS; NETWORK PROTOCOLS; ROUTERS; SATELLITE LINKS; TRANSMISSION CONTROL PROTOCOL;

(E ,3E) PROCESS; COMMUNICATION PROTOCOLS; EDGE ROUTER (ER); ELSEVIER (CO); FLOODING ATTACKS; INTERNET PROTOCOL (IP) ADDRESSES; IP NETWORKS; SIMULATION RESULTS; TCP CONNECTIONS; THREE WAY HANDSHAKE; TRANSMISSION CONTROL PROTOCOL (TCP);

INTERNET PROTOCOLS;

EID: 47949098054     PISSN: 10848045     EISSN: 10958592     Source Type: Journal    
DOI: 10.1016/j.jnca.2007.12.004     Document Type: Article

References (31)

1. CERT: advisory CA-1998-01. Smurf IP Denial of Service Attacks, available at 〈http://www.cert.org/advisories/CA-1998-01.html〉; January 1998.
2. Chen Y-W. Study on the prevention of SYN flooding by using traffic policing. In: Proceedings of the IEEE/IFIP Network Operations and Management Symposium (NOMS 2000), 2000, p. 593-604.
3. Cisco Systems, Inc. Cisco security advisory: 7xx router password buffer overflow, 〈http://www.cisco.com/warp/public/770/pwbuf-pub.shtml〉; June 1998.
4. Cisco Systems, Inc. Defining strategies to protect against TCP SYN denial of service attacks, 〈http://www.cisco.com/warp/public/707/4.html〉; July 1999.
5. Crosby S, Wallach D. Denial of service via algorithmic complexity attacks. In: Proceedings of the 12th USENIX security symposium, August 2003, p. 29-44.
6. Cyber-crime-the targets it hits, the damage it does, available at 〈http://www.coe.int/T/E/Com/Files/Themes/Cybercrime/e_cybercrime.asp〉.
7. Ferguson P, Senie D. Network ingress filtering: defeating denial of service attacks which employ IP source address spoofing. RFC2827 May 2000.
8. Goncalves M., and Brown S. Check point firewall-1: administration guide (1999), McGraw Hill, New York
9. Hu Y-H, Choi H, Choi H-A. Packet filtering to defend flooding-based DDoS attacks. In: Proceedings of 2004 IEEE/Sarnoff symposium on advances in wired and wireless communication, April 2004, p. 39-42.
10. Jin C, Wang H, Shin K-G. Hop-count filtering: an effective defense against spoofed DoS traffic. In: Proceedings of the 10th ACM international conference on Computer and Communications Security (CCS), October 2003, p. 30-41.
11. Kargl F, Maier J, Weber M. Protecting web servers from distributed denial of service attacks. In: Proceedings of the 10th international conference on World Wide Web, Hong Kong, China, May 2001, p. 514-524.
12. Karig D, Lee RB. Remote denial of service attacks and countermeasures. Department of Electrical Engineering, Princeton University, October 2001 (Technical report CE-L2001-002).
13. Keromytis A.D., Misra V., and Rubenstein D. SOS: an architecture for mitigating DDoS attacks. IEEE J Selected Areas Commun (JSAC) (2003)
14. Lemon J. Resisting SYN flooding DoS attacks with a SYN cache. In: Proceedings of USENIX BSDCon '02 conference on file and storage technologies, February 2002.
15. Levine JR. LEX and YACC, O'Reilly Media, October 1992.
16. libpcap. Packet capture library, 〈http://sourceforge.net/projects/libpcap/〉.
17. MacClure S., Scambray J., and Kurtz G. Hacking exposed: network security secrets and solutions (1999), McGraw-Hill, Osborne
18. NISCC Technical Note 01/2006. Egress and ingress filtering, available at 〈http://www.cpni.gov.uk/Docs/re-20060420-00294.pdf〉; April 2006.
19. Noureldien N-A, Osman I-M. A stateful inspection module architecture. In: Proceedings TENCON 2000, p. 259-265.
20. NS-2 simulator, 〈http://www.isi.edu/nsnam/ns〉; 2006.
21. Ohsita Y, Ata S, Murata M. Deployable overlay network for defense against distributed SYN flood attacks. In: Proceedings of the 14th international conference on computer communications and networks, October 2005, p. 407-12.
22. Paxson V. An analysis of using reflectors for distributed denial-of-service attacks. ACM Comput Commun Rev (CCR) 31 3 (2001) 38-47
23. Postel J. Internet control message protocol. RFC 792 September 1981.
24. Schuba C-H, Krsul I-V, Khan M-G, Spafford E-H, Sundaram A, Zamboni D. Analysis of a denial of service attack on TCP. In: Proceedings of the IEEE symposium on security and privacy, May 1997, pp. 208-23.
25. Stevens R. TCP/IP illustrated vol. 1 (1994), Addison-Wesley, Reading, MA
26. SUN's TCP SYN Flooding Solutions available at 〈http://www.ciac.org/ciac/bulletins/h-02.shtml〉.
27. Tupakula U-K, Varadharajan V, Gajam A-K. Counteracting TCP SYN DDoS attacks using automated model. In: Proceedings of IEEE the Global Telecommunications Conference (GLOBECOM '04) December 2004, p. 2240-4.
28. Venema W. TCP WRAPPER: network monitoring, access control, and booby traps at 〈http://www.vtcif.telstra.com.au/pub/docs/security/tcp_wrapper.txt〉.
29. Wang H, Zhang D, Shin G. SYN-dog: sniffing SYN flooding sources. In: Proceedings of the 22nd International Conference On Distributed Computing Systems (Icdcs'02), July 2002a, p. 421-8.
30. Wang H, Zhang D, Shin K. Detecting SYN flooding attacks. In: Proceedings of the twenty-first annual joint conference of the IEEE computer and communications societies, June 2002b, p. 1530-9.
31. Zuquete A. Improving the functionality of SYN cookies. In: Proceedings of 6th IFIP communications and multimedia security conference, September 2002, p. 57-77.