SYN Flooding Attack Detection Based on Entropy Computing

We present an original approach to detect SYN flooding attacks from the victim's side, by monitoring unusual handshake sequences. Detection is done in real-time to allow quick protection and help guarantee a proper defence. Our detection system uses an entropy measure to detect changes in the b...

Full description

Saved in:
Bibliographic Details
Published inGLOBECOM 2009 - 2009 IEEE Global Telecommunications Conference pp. 1 - 6
Main Authors Bellaiche, M., Gregoire, J.-C.
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.11.2009
Subjects
Computer crime
Data security
Entropy
Face detection
Floods
Monitoring
Protection
Protocols
Robustness
Web and internet services
Online AccessGet full text

Cover

More Information
Summary:We present an original approach to detect SYN flooding attacks from the victim's side, by monitoring unusual handshake sequences. Detection is done in real-time to allow quick protection and help guarantee a proper defence. Our detection system uses an entropy measure to detect changes in the balance of TCP handshakes. Experiment results show that our method can detect SYN flooding attacks with better accuracy and robustness than traditional stateless methods, and with manageable overhead.
ISBN:9781424441488
142444148X
ISSN:1930-529X
2576-764X
DOI:10.1109/GLOCOM.2009.5425454