Synmon architecture for source-based SYN-flooding defense on network processor

Citation

Lim,, BP and Uddin,, MS (2005) Synmon architecture for source-based SYN-flooding defense on network processor. 2005 Asia-Pacific Conference on Communications (APCC), Vols 1& 2. pp. 995-999.

Full text not available from this repository.

Abstract

Distributed denial-of-service attacks remains inflict damage to the Internet services, after almost five years since its large-scale explosion. The demand for robust and high-speed firewall has led to the advent of hardware-based DDoS defense system. Network processor is becoming the cornerstone of many new firewall designs due to its programmability and high performance packet processing ability. In this paper, we propose an innovative and practical syn-flooding defense system built on network processor. An embedded architecture, called synmon is proposed. We characterize our solution as a source-based autonomous system which resides in upstream border routers. It detects wide-range of attacks and blocks large portion of attack traffic before flooding into core network. Change-point detection algorithm is employed to detect occurrence of syn-flooding attack. It performs per-flow attack detection based on SYN and ACK packets exchanged in TCP friendly flow. A fuzzy-based adaptive rate-limiting mechanism is proposed to restrict intensity of outgoing SYN packets. Under the per-flow mitigation scheme, while the attacker is penalized with limited outgoing connection, the legitimate clients in the same subnet are free from collateral damage. A hardware prototype of synmon embedded router is developed. We demonstrate that the synmon architecture seamlessly integrates with common routing tasks while providing cost-effective service for SYN-flooding defense system on network processor platform.

Item Type: Article
Subjects: T Technology > TK Electrical engineering. Electronics Nuclear engineering > TK5101-6720 Telecommunication. Including telegraphy, telephone, radio, radar, television
Divisions: Faculty of Computing and Informatics (FCI)
Depositing User: Ms Rosnani Abd Wahab
Date Deposited: 22 Aug 2011 03:03
Last Modified: 22 Aug 2011 03:03
URII: http://shdl.mmu.edu.my/id/eprint/2405

Downloads

Downloads per month over past year

View ItemEdit (login required)