Defense Against TCP Flooding Attack

Seungyong Yoon, Ikkyun Kim, Jintae Oh, Jongsoo Jang

2012

Abstract

This paper presents a DDoS attack prevention method, specifically a Transmission Control Protocol (TCP) flooding attack prevention method that defines several session states based on the type and direction of a packet, tracks the session state for each flow, and detects and responds to a flooding attack. An anti-DDoS system with a throughput capacity of 20 Gbps, which we call the ‘ALADDIN’ system, was implemented in FPGA-based reconfigurable hardware, showing that high-speed hardware implementation is possible. The system was tested using existing DDoS attack tools in 8 Gbps of background traffic. According to the test results, the proposed method defends against TCP flooding attacks rapidly and accurately.



Paper Citation


in Harvard Style

Yoon S., Oh J., Kim I. and Jang J. (2012). Defense Against TCP Flooding Attack. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012) ISBN 978-989-8565-24-2, pages 416-420. DOI: 10.5220/0004119604160420


in Bibtex Style

@conference{secrypt12,
author={Seungyong Yoon and Jintae Oh and Ikkyun Kim and Jongsoo Jang},
title={Defense Against TCP Flooding Attack},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)},
year={2012},
pages={416-420},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004119604160420},
isbn={978-989-8565-24-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)
TI - Defense Against TCP Flooding Attack
SN - 978-989-8565-24-2
AU - Yoon S.
AU - Oh J.
AU - Kim I.
AU - Jang J.
PY - 2012
SP - 416
EP - 420
DO - 10.5220/0004119604160420