MODIFICATION OF TCP SYN FLOOD (DOS) ATTACK DETECTION ALGORITHM
Tomáš Halagan
tomas.halagan@stuba.sk
Slovak University of Technology in Bratislava (Slovakia)
Tomáš Kováčik
Slovak University of Technology in Bratislava (Slovakia)
Abstract
This work focuses on the proposal and implementation of a modification of a SYN flood (DoS) attack detection algorithm. The attack detection algorithm is based on a Counting Bloom filter and is implemented in the KaTaLyzer network traffic monitoring tool. TCP attacks can be detected, and the network administrator can be notified in real time about an ongoing attack through different notification methods.
Keywords:
DoS, TCP, SYN, flood attack, network security, notification messages, detection module
License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.