{"title":"D-SAT:采用两阶段统计方法检测SYN泛洪攻击","authors":"Seungwon Shin, Ki-young Kim, Jongsoo Jang","doi":"10.1109/SAINT.2005.18","DOIUrl":null,"url":null,"abstract":"We propose D-SAT (detecting SYN flooding attack by two-stage statistical approach) system that is simple and robust approach to detect SYN flooding attacks by observing network traffic. Instead of managing all ongoing traffic on the network, D-SAT only monitors SYN count and ratio between SYN and other TCP packets at first time. And it detects SYN flooding and finds victims more accurately in its second stage. To make the detection mechanism robustly and easily, D-SAT uses CUSUM (cumulative sum) approach in SPC (statistical process control) (H. Wang et al., 2002) (D.C. Montgomery, 2001) (D.M. Hawkins et al., 1998). It makes the detection mechanism much more generally applicable and easier to implement. D-SAT also employed AFM (aggregation flow management) for finding victims quickly and accurately. The trace-driven simulation results demonstrate that D-SAT system is efficient and simple to implement and prove that it detects SYN flooding accurately and finds attack in a very short detection time.","PeriodicalId":169669,"journal":{"name":"The 2005 Symposium on Applications and the Internet","volume":"69 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-01-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"30","resultStr":"{\"title\":\"D-SAT: detecting SYN flooding attack by two-stage statistical approach\",\"authors\":\"Seungwon Shin, Ki-young Kim, Jongsoo Jang\",\"doi\":\"10.1109/SAINT.2005.18\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We propose D-SAT (detecting SYN flooding attack by two-stage statistical approach) system that is simple and robust approach to detect SYN flooding attacks by observing network traffic. Instead of managing all ongoing traffic on the network, D-SAT only monitors SYN count and ratio between SYN and other TCP packets at first time. And it detects SYN flooding and finds victims more accurately in its second stage. To make the detection mechanism robustly and easily, D-SAT uses CUSUM (cumulative sum) approach in SPC (statistical process control) (H. Wang et al., 2002) (D.C. Montgomery, 2001) (D.M. Hawkins et al., 1998). It makes the detection mechanism much more generally applicable and easier to implement. D-SAT also employed AFM (aggregation flow management) for finding victims quickly and accurately. The trace-driven simulation results demonstrate that D-SAT system is efficient and simple to implement and prove that it detects SYN flooding accurately and finds attack in a very short detection time.\",\"PeriodicalId\":169669,\"journal\":{\"name\":\"The 2005 Symposium on Applications and the Internet\",\"volume\":\"69 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2005-01-31\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"30\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"The 2005 Symposium on Applications and the Internet\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SAINT.2005.18\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"The 2005 Symposium on Applications and the Internet","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SAINT.2005.18","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
D-SAT: detecting SYN flooding attack by two-stage statistical approach
We propose D-SAT (detecting SYN flooding attack by two-stage statistical approach) system that is simple and robust approach to detect SYN flooding attacks by observing network traffic. Instead of managing all ongoing traffic on the network, D-SAT only monitors SYN count and ratio between SYN and other TCP packets at first time. And it detects SYN flooding and finds victims more accurately in its second stage. To make the detection mechanism robustly and easily, D-SAT uses CUSUM (cumulative sum) approach in SPC (statistical process control) (H. Wang et al., 2002) (D.C. Montgomery, 2001) (D.M. Hawkins et al., 1998). It makes the detection mechanism much more generally applicable and easier to implement. D-SAT also employed AFM (aggregation flow management) for finding victims quickly and accurately. The trace-driven simulation results demonstrate that D-SAT system is efficient and simple to implement and prove that it detects SYN flooding accurately and finds attack in a very short detection time.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
