MODIFICATION OF TCP SYN FLOOD (DOS) ATTACK DETECTION ALGORITHM

Tomáš Halagan

tomas.halagan@stuba.sk
Slovak University of Technology in Bratislava (Slovakia)

Tomáš Kováčik


Slovak University of Technology in Bratislava (Slovakia)

Abstract

This work focuses onto proposal and implementation of modification of SYN flood (DoS) attack detection algorithm. Based on Counting Bloom filter, the attack detection algorithm is proposed and implemented into KaTaLyzer network traffic monitoring tool. TCP attacks can be detected and network administrator can be notified in real-time about ongoing attack by using different notification methods.


Keywords:

DoS, TCP, SYN, flood attack, network security, notification messages, detection module

Chen Y. Y. W.: Throttling spoofed SYN flooding traffic at the source. Telecommunication Systems, vol. 33, no. 3, 2006, pp. 47-65.
  Google Scholar

Fan L. et al.: Sumary cache: A scalable wide-area web cache sharing protocol. IEEE/ACM Transactions on Networking, vol. 8, no. 3, 2000, p. 281-293.
  Google Scholar

[CA-96.21] CERT. CERT Advisory CA-1996-21 TCP SYN Flooding and IP Spoofing Attacks: http://www.cert.org/advisories/CA-1996-21.html
  Google Scholar

Network monitoring tool Catalyzer: http://www.katalyzer.sk
  Google Scholar

Download


Published
2014-09-26

Cited by

Halagan, T., & Kováčik, T. (2014). MODIFICATION OF TCP SYN FLOOD (DOS) ATTACK DETECTION ALGORITHM. Informatyka, Automatyka, Pomiary W Gospodarce I Ochronie Środowiska, 4(3), 75–76. https://doi.org/10.5604/20830157.1121390

Authors

Tomáš Halagan 
tomas.halagan@stuba.sk
Slovak University of Technology in Bratislava Slovakia

Authors

Tomáš Kováčik 

Slovak University of Technology in Bratislava Slovakia

Statistics

Abstract views: 150
PDF downloads: 67