Existing detection methods against SYN flooding attacks are effective only at the later stages when attacking signatures are obvious.In this paper an early stage detecting method(ESDM) is proposed.The ESDM is a simple...Existing detection methods against SYN flooding attacks are effective only at the later stages when attacking signatures are obvious.In this paper an early stage detecting method(ESDM) is proposed.The ESDM is a simple but effective method to detect SYN flooding attacks at the early stage.In the ESDM the SYN traffic is forecasted by autoregressive integrated moving average model, and non-parametric cumulative sum algorithm is used to find the SYN flooding attacks according to the forecasted traffic.Trace-driven simulations show that ESDM is accurate and efficient to detect the SYN flooding attacks.展开更多
基金supported by the National High-Tech Research and Development Plan of China under Grant No. 2006AA01Z448 (863)the Key Science and Technology Research project of Ministry of Education of China under Grant No. 108013+1 种基金the Foundation for Innovative Research Groups of the National Natural Science Foundation of China under Grant No. 60821001the National Information Security Plan of China under Grant No.2007A14 (242)
文摘Existing detection methods against SYN flooding attacks are effective only at the later stages when attacking signatures are obvious.In this paper an early stage detecting method(ESDM) is proposed.The ESDM is a simple but effective method to detect SYN flooding attacks at the early stage.In the ESDM the SYN traffic is forecasted by autoregressive integrated moving average model, and non-parametric cumulative sum algorithm is used to find the SYN flooding attacks according to the forecasted traffic.Trace-driven simulations show that ESDM is accurate and efficient to detect the SYN flooding attacks.
