Defense against SYN Flooding Attacks: A Scheduling Approach
Journal Title: Journal of Information Systems and Telecommunication - Year 2014, Vol 2, Issue 1
Abstract
The TCP connection management protocol sets a position for a classic Denial of Service (DoS) attack, called the SYN flooding attack. In this attack attacker sends a large number of TCP SYN segments, without completing the third handshaking step to quickly exhaust connection resources of the victim server. Therefore it keeps TCP from handling legitimate requests. This paper proposes that SYN flooding attack can be viewed metaphorically as result of an unfair scheduling that gives more opportunity to attack requests but prevents legal connections from getting services. In this paper, we present a scheduling algorithm that ejects the half connection with the longest duration, when number of half open connections reaches to the upper bound. The simulation results show that the proposed defense mechanism improves performance of the under attack system in terms of loss probability of requests and share of regular connections from system resources.
Authors and Affiliations
Shahram Jamali, Gholam Shaker
Keywords
Related Articles
- EP ID EP185974
- DOI 10.7508/jist.2014.01.007
- Views 122
- Downloads 0
A Learning Automata Approach to Cooperative Particle Swarm Optimizer
This paper presents a modification of Particle Swarm Optimization (PSO) technique based on cooperative behavior of swarms and learning ability of an automaton. The approach is called Cooperative Particle Swarm Optimizati...
A Novel Resource Allocation Algorithm for Heterogeneous Cooperative Cognitive Radio Networks
In cognitive radio networks (CRN), resources available for use are usually very limited. This is generally because of the tight constraints by which the CRN operate. Of all the constraints, the most critical one is the l...
Simultaneous Methods of Image Registration and Super-Resolution Using Analytical Combinational Jacobian Matrix
In this paper we propose two new simultaneous image registration (IR) and super-resolution (SR) methods using a novel approach to calculate the Jacobian matrix. SR is the process of fusing several low resolution (LR) ima...
A New Node Density Based k-edge Connected Topology Control Method: A Desirable QoS Tolerance Approach
This research is an ongoing work for achieving consistency between topology control and QoS guarantee in MANET. Desirable topology and Quality of Service (QoS) control are two important challenges in wireless communicati...
Efficient Land-cover Segmentation Using Meta Fusion
Most popular fusion methods have their own limitations; e.g. OWA (order weighted averaging) has “linear model” and “summation of inputs proportions in fusion equal to 1” limitations. Considering all possible models for f...