An effective approach to detect ddos attack

R. Manoj, C. Tripti

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

TCP connection is a connection oriented, reliable service. It uses 3 way handshake process to establish the connection. Distributed Denial of Service (DDoS) has emerged as one of the major threats to network security as evident from a series of attacks that shutdown some of the most popular web-sites. This attack prevents legitimate users from accessing the regular internet services by exhausting the victim’s resources, and TCP SYN flooding attack is the most common type of DDoS attack. TCP SYN flooding exploits the TCP’s 3-way handshake mechanism and its limitation in maintaining half open con-nection. The SYN flooding attack is very hard to detect, because it is difficult to distinguish between legitimate SYN packets and attack SYN packets at the vic-tim’s server. This paper concentrates on the different IP spoofing techniques like Random spoofed source address, Subnet spoofed source address, Fixed spoofed source address and the schemes to detect the DDoS attack. The different schemes are SYN-dog, SYN-cache, SYN-cookies. These schemes are effective only up to a particular extent. This paper concentrates more on a newly proposed scheme which is a router based scheme that uses Counting Bloom Fil-ter algorithm and CUSUM algorithm. The new scheme is highly sensitive and always require a shorter time for the detection of both low intensity and high intensity attacks.

Original languageEnglish
Title of host publicationAdvances in Computing and Information Technology- Proceedings of the 2nd International Conference on Advances in Computing and Information Technology, ACITY 2012- Volume 3
EditorsNatarajan Meghanathan, Nabendu Chaki, Dhinaharan Nagamalai
PublisherSpringer Verlag
Pages339-345
Number of pages7
ISBN (Print)9783642315992
DOIs
Publication statusPublished - 2013
Event2nd International Conference on Advances in Computing and Information Technology, ACITY 2012 - Chennai, India
Duration: 13-07-201215-07-2012

Publication series

NameAdvances in Intelligent Systems and Computing
Volume178
ISSN (Print)2194-5357
ISSN (Electronic)2194-5365

Conference

Conference2nd International Conference on Advances in Computing and Information Technology, ACITY 2012
CountryIndia
CityChennai
Period13-07-1215-07-12

All Science Journal Classification (ASJC) codes

  • Control and Systems Engineering
  • Computer Science(all)

Fingerprint Dive into the research topics of 'An effective approach to detect ddos attack'. Together they form a unique fingerprint.

Cite this