Please use this identifier to cite or link to this item:

Throttling spoofed SYN flooding traffic at the source

Authors Chen, Wei HKUST affiliated (currently or previously)
Yeung, Dit-Yan View this author's profile
Issue Date 2006
Source Telecommunication Systems , v. 33, (1-3), 2006, November, p. 47-65
Summary TCP-based flooding attacks are a common form of Distributed Denial-of-Service (DDoS) attacks which abuse network resources and can bring about serious threats to the Internet. Incorporating IP spoofing makes it even more difficult to defend against such attacks. Among different IP spoofing techniques, which include random spoofing, subnet spoofing and fixed spoofing, subnet spoofing is the most difficult type to fight against. In this paper, we propose a simple and efficient method to detect and defend against TCP SYN flooding attacks under different IP spoofing types, including subnet spoofing. The method makes use of a storage-efficient data structure and a change-point detection method to distinguish complete three-way TCP handshakes from incomplete ones. This lightweight approach makes it relatively easy to deploy the scheme as its resource requirement is reasonably low. Simulation experiments consistently show that our method is both efficient and effective in defending against TCP-based flooding attacks under different IP spoofing types. Specifically, our method outperforms others in achieving a higher detection rate yet with lower storage and computation costs.
ISSN 1018-4864
Rights The original publication is available at
Language English
Format Article
Access View full-text via DOI
View full-text via Web of Science
View full-text via Scopus
Files in this item:
File Description Size Format
paper.pdf 462742 B Adobe PDF