Analysis of the SYN Flood DoS Attack

Full Text (PDF, 1711KB), PP.1-11

Views: 0 Downloads: 0

Author(s)

Mitko Bogdanoski 1,* Tomislav Shuminoski 2 Aleksandar Risteski 2

1. Militar Academy “General Mihailo Apostolski, Skopje, R. Macedonia

2. Faculty of Electrical Engineering and IT, Ss. Cyril and Methodius University, Skopje, R. Macedonia

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2013.08.01

Received: 9 Oct. 2012 / Revised: 11 Feb. 2013 / Accepted: 2 Mar. 2013 / Published: 8 Jun. 2013

Index Terms

DoS, Flooding, SYN flooding, OPNET Modeler, Anomaly detection

Abstract

The paper analyzes systems vulnerability targeted by TCP (Transmission Control Protocol) segments when SYN flag is ON, which gives space for a DoS (Denial of Service) attack called SYN flooding attack or more often referred as a SYN flood attack. The effects of this type of attack are analyzed and presented in OPNET simulation environment. Furthermore, the paper presents two anomaly detection algorithms as an effective mechanism against this type of attack. Finally, practical approaches against SYN flood attack for Linux and Windows environment which are followed by are shown.

Cite This Paper

Mitko Bogdanoski, Tomislav Shuminoski, Aleksandar Risteski, "Analysis of the SYN Flood DoS Attack", International Journal of Computer Network and Information Security(IJCNIS), vol.5, no.8, pp.1-11, 2013. DOI:10.5815/ijcnis.2013.08.01

Reference

[1]March 2013 Cyber Attacks Statistics, April 9, 2013, Available: http://hackmageddon.com/category/security/cyber-attacks-statistics/
[2]DDOS: coordinated attacks analysis, PenTest magazine, PenTest Extra 05/2012, Available: http://pentestmag.com/ddos-attacks-pt-extra-05_2012/
[3]H. Wang, D. Zhang, and K. G. Shin, "Detecting SYN flooding attacks", in Proceedings of Annual Joint Conference of the IEEE Computer and Communications Societies(INFOCOM), volume 3, pp. 1530-1539, June 23-27, 2002.
[4]W. M. Eddy, "TCP SYN Flooding Attacks and Common Mitigations," RFC 4987, August 2007. [Online]. Available: http://tools.ietf.org/html/rfc4987.
[5]W. Eddy, "Defenses Against TCP SYN Flooding Attacks", Cisco Internet Protocol Journal Volume 9, Number 4, December 2006, Available: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_9-4/syn_flooding_attacks.html
[6]D. M. Divakaran, H. A. Murthy and T. A. Gonsalves, "Detection of SYN Flooding Attacks Using Linear Prediction Analysis", 14th IEEE International Conference on Networks, ICON 2006, pp. 218-223, Sep. 2006.
[7]V. A. Siris and P. Fotini, "Application of Anomaly Detect Algorithms for Detecting SYN Flooding Attack" Elsevier Computer Communications, pp. 1433-1442, 2006.
[8]S.Gavaskar, R.Surendiran and Dr.E.Ramaraj, "Three Counter Defense Mechanism for SYN Flooding Attacks", International Journal of Computer Applications, Volume 6–No.6, pp.12-15, Sep. 2010.
[9]T. Nakashima and S. Oshima, "A detective method for SYN flood attacks", First International Conference on Innovative Computing, Information and Control, 2006.
[10]D. Nashat,X. Jiang and S. Horiguchi, "Detecting SYN Flooding Agents under Any Type of IP Spoofing", IEEE International Conference on e-Business Engineering table of contents, 2008.
[11]W. Chen and D.-Y. Yeung, "Defending Against SYN Flooding Attacks Under Different Types of IP Spoofing", ICN/ICONS/MCL '06, IEEE Computer Society, pp. 38-44, April 2006.
[12]A. Yaar, A. Perrig and D. Song, "StackPi: New Packet Marking and Filtering Mechanisms for DDoS and IP Spoofing Defense", IEEE Journal on Selected Areas in Communications, Volume 24, no. 10, pp. 1853-1863, October 2006.
[13]S.-W. Shin, K-Y. Kim and J.-S. Jang, "D-SAT: detecting SYN flooding attack by two-stage statistical approach", Applications and the Internet, pp.:430 – 436, 2005.
[14]J. Haggerty, T. Berry, Q. Shi and M. Merabti, "DiDDeM: a system for early detection of SYN flood attacks", GLOBECOM, 2004.
[15]J. Haggerty, Q. Shi and M. Merabti, "Early Detection and Prevention of Denial-of-Service Attacks: A Novel Mechanism With Propagated Traced-Back Attack Blocking", IEEE Journal On Selected Areas In Communications, Vol. 23, No. 10, pp. 1994-2002, October 2005.
[16]S. Qibo, W. Shangguang, Y. Danfeng and Y. Fangchun, "An Early Stage Detecting Method against SYN Flooding Attacks", China Communication, Vol. 4, pp. 108-116, November 2009.
[17]G. Wei, Y. Gu and Y. Ling, "An Early Stage Detecting Method against SYN Flooding Attack", International Symposium on Computer Science and its Applications, pp.263-268, 2008.
[18]T. Peng, C. Leckie and K. Rammamohanarao, "Survey of Network-Based Defense Mechanisms Countering the DoS and DDoS Problems", ACM Computing Surveys, Vol. 39, Issue 1. 2007.
[19]B. Xiao, W. Chen, Y. He and E.H.-M. Sha, "An active detecting method against SYN flooding attack", Parallel and Distributed Systems, 2005.
[20]Sheng-Ya Lin, Jyh-Charn Liu and Wei Zhao, "Adaptive CUSUM for Anomaly Detection and Its Application to Detect Shared Congestion", Technical Report– 1-2, Department of Computer Science, Texas A&M University, 2007.
[21]A. Chin, Detecting and preventing SYN Flood attacks on web servers running Linux, Linux Forum, 21. January 2011.
[22]support.microsoft.com.