TCP SYN flood attack has been one of representative DDoS attack in computer security history. To cope with this, a number of researches have been done, but they have a high false detection rate and are hard to be applicable in network address translation environment which is very common in the real world. To address these problems, we propose an efficient scheme to cope with SYN flood attacks with spoofed IP addresses. Compared to the existing approaches, it achieves the lowest false positive rate of 0.0003% at maximum and detects false IP packets at an earlier point of time, which serve to reduce the impacts of DDoS attacks significantly.
TomlinsonR.S., Selecting Sequence Numbers, INWG Protocol Note 2, IFIP WorkingGroup 6.1, August 1974. Also in Proceedings of the ACM SIGCOMM/SIGOPS Interprocess Communications Workshop, (Santa Monica, CA, March 24–25, 1975), and ACM Operating Systems.
2.
PostelJ., RFC792– Darpa Internet Program Protocol Specification, 1981.
3.
CERT AdvisoryCA–1996–21 TCP-SYN Flooding and IP Spoofing Attacks, 2000.
4.
TangH.-R., XuC., LuoX.-G. and OuyangJ.-Q., Traceback-Based Bloomfilter IPS in Defending SYN Flooding Attack, Wireless Communications, Networking and Mobile Computing, 2009, pp. 1–6.
5.
WangH., JinC. and ShinK.G., Defense against spoofed IP traffic using hop-count filtering, IEEE/ACM Trans Networking15(1) (2007).
6.
TempletonS.J. and LevittK.E., detecting spoofed packet, the DARPA Information Survivability Conference and Exposition (DISCEX’03), 2003.
7.
XiangY. and ZhouW., Flexible Deterministic Packet Marking - An ip traceback system to find the real source of attacks, IEEE Trans. Parallel and Distributed Systems20(4) (2009), 567–580.
8.
YaarA., PerrigA. and SongD., New packet marking and filtering mechanisms for DDoS and IP spoofing defense, IEEE Journal on Selected Areas in Communications24(10) (2006).
9.
LiD., Pei Chen Optimized hash lookup for bloom filter based packet routing, Network-Based Information Systems (NBiS), 16th International Conference on, 2013.
10.
LeeH., KwonM., HaskerG., PerrigA., BASE an incrementally deployable mechanism for viable IP spoofing prevention, Proceedings of the 2nd ACM symposium on Information, computer and communications security, 2007, Singapore.
11.
ArnoldJ., MaennelO., FlavelA., McMahonJ., RoughanM., Quantitative analysis of incorrectly configured bogon filter detection, ATNAC 2008. Australasian, 2008, pp. 10–15.
12.
WangH., ZhangD. and ShinK.G., Detecting SYN flooding attacks, Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies, 2002.
13.
MutebiR.M. and RaiI.A., An integrated victim-based approach against IP packet flooding denial of service, International Journal of Computing and ICT Research4(1) (2010), 70–80.
