A model for analysis of SYN flood DoS attacks

Abstract

Denial of Service (DoS) attacks pose a major threat to the use of the Internet for delivering critical commercial and public services. With reference to techniques that rely on better system configuration, in particular, TCP settings, this paper presents a novel mathematical model for understanding SYN flood DoS attacks considering both statistical properties of incoming legitimate and adversarial SYN traffic and, unlike in existing works, Round Trip Time (RTT) of TCP traffic. The approach relies on stochastic simulations for the general case but provides a closed-form solution for the case of incoming SYN traffic conforming to a Poisson process and backlog queues having an infinite capacity.