ARM-CPD: DETECTING SYN FLOODING ATTACK BY TRAFFIC PREDICTION
This paper proposes the ARM-CPD scheme, a simple but fast and effective approach to detecting SYN flooding attacks. Instead of managing all real-time ongoing traffic on the network, ARM-CPD monitors only SYN packets and uses them to predict SYN traffic in the near future in order to detect SYN flooding attacks. To obtain the predicted SYN traffic, the Autoregressive Integrated Moving Average (ARIMA) model is proposed; and to make the detection method insensitive to site and access pattern, a non-parametric Cumulative Sum (CUSUM) algorithm is applied. Trace-driven simulations demonstrate that ARM-CPD can effectively shorten the detection time of SYN flooding attacks.
DoS TCP SYN flooding ARIMA CUSUM
Sun Qibo, Wang Shangguang, Yan Danfeng, Yang Fangchun
State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China
International conference
Beijing
English
443-447
2009-10-18 (date first made available online on the Wanfang platform; does not represent the paper's publication date)