Statistical-based SYN-flooding detection using programmable network processor

Citation

Lim, BP and Uddin, MS (2005) Statistical-based SYN-flooding detection using programmable network processor. Third International Conference on Information Technology and Applications, Vol 2, Proceedings. pp. 465-470.

Full text not available from this repository.

Abstract

With the growing use of broadband Internet, the demand for hardware-based intrusion detection systems (IDS) is exploding. The network processor is poised to be the future platform for hardware-based IDS and firewalls due to its programmability and capability to process packets at wire speed. In this paper, we explore the practical implementation of a statistical-based SYN-flooding detection system in a network processor-based router. An embedded architecture, called synmon, is proposed. We employ an instance of change-point detection, the non-parametric Cumulative Sum (CUSUM) algorithm, for SYN-flooding detection. It performs per-flow attack detection based on SYN and ACK packets exchanged in TCP friendly flow. A prototype of the synmon embedded forwarder is developed, and the performance of synmon under different attack patterns, network loads, sampling intervals and tuning parameters is investigated. We demonstrate that the synmon architecture seamlessly integrates with common forwarding tasks while providing cost-effective service for SYN-flooding detection on a network processor platform.

Item Type: Article
Subjects: Q Science > QA Mathematics > QA71-90 Instruments and machines > QA75.5-76.95 Electronic computers. Computer science
Divisions: Faculty of Computing and Informatics (FCI)
Depositing User: Ms Rosnani Abd Wahab
Date Deposited: 22 Aug 2011 03:12
Last Modified: 22 Aug 2011 03:12
URI: http://shdl.mmu.edu.my/id/eprint/2391
