
A SYN Flood Detection Method Based on Self-similarity in Network Traffic

  • Conference paper
Security, Privacy, and Anonymity in Computation, Communication, and Storage (SpaCCS 2017)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 10658)


Abstract

Because normal data cannot be transmitted during a SYN Flood attack, the paper proposes a detection method that can detect the attack rapidly and accurately. First, network traffic is intercepted in real time, and selected traffic is discretized. Second, a fitting function is obtained by repeatedly fitting the discretized network traffic. Finally, the integral of the fitting function is calculated and compared with the Hurst value. The SYN Flood attack can be detected effectively by comparing this integral, computed from the fitting-function curve, with the Hurst value of the network traffic.
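As an added illustration (not code from the paper), the sketch below performs the abstract's discretization step and estimates a Hurst value for the resulting series. The aggregated-variance estimator, bin width, and function names are assumptions, since this page does not name them, and the fitting-function and integral steps are not reproduced because the page gives no details. All arrival times are constructed.

```python
import math
import random
from collections import Counter

def bin_counts(timestamps, width, n_bins):
    """Discretize packet arrival times (seconds) into per-interval packet counts."""
    hits = Counter(int(t // width) for t in timestamps)
    return [hits.get(i, 0) for i in range(n_bins)]

def hurst_aggregated_variance(counts, block_sizes=(1, 2, 4, 8, 16, 32, 64)):
    """Estimate H from how the variance of block means decays with block size m.

    For a self-similar series Var(m) ~ m^(2H-2), so H = 1 + slope/2 on a log-log fit.
    """
    xs, ys = [], []
    for m in block_sizes:
        means = [sum(counts[i:i + m]) / m for i in range(0, len(counts) - m + 1, m)]
        mu = sum(means) / len(means)
        var = sum((v - mu) ** 2 for v in means) / (len(means) - 1)
        if var > 0:
            xs.append(math.log(m))
            ys.append(math.log(var))
    if len(xs) < 2:
        raise ValueError("series too short or constant")
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    slope = sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sum((x - mx) ** 2 for x in xs)
    return 1 + slope / 2

def constructed_capture(flood, n_bins=4096, width=0.1, seed=7):
    """Constructed SYN arrival times: Poisson background, optional sustained burst."""
    rng = random.Random(seed)
    end = n_bins * width
    times, t = [], rng.expovariate(50.0)
    while t < end:
        times.append(t)
        t += rng.expovariate(50.0)          # about 5 SYNs per 0.1 s bin
    if flood:                                # extra SYNs over the second half only
        times += [rng.uniform(end / 2, end) for _ in range(40 * n_bins // 2)]
    return bin_counts(times, width, n_bins)

def compare():
    """Return (H of the background-only window, H of the window with the burst)."""
    return (hurst_aggregated_variance(constructed_capture(False)),
            hurst_aggregated_variance(constructed_capture(True)))

if __name__ == "__main__":
    print("H baseline=%.2f  H with burst=%.2f" % compare())
```

In this constructed data the uncorrelated background sits near H = 0.5, while the sustained burst pushes the estimate toward 1 because the level shift keeps the variance of block means from decaying as blocks grow.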



Acknowledgments

This work is jointly supported by National Natural Science Foundation of China (Grant No. 51504010), and Key Projects of Anhui Province University Outstanding Youth Talent Support Program (Grant No. gxyqZD2016083).


Correspondence to Xiaojuan Zhu.


Copyright information

© 2017 Springer International Publishing AG

About this paper


Cite this paper

Zhang, D., Zhu, X., Wang, L. (2017). A SYN Flood Detection Method Based on Self-similarity in Network Traffic. In: Wang, G., Atiquzzaman, M., Yan, Z., Choo, KK. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2017. Lecture Notes in Computer Science, vol 10658. Springer, Cham. https://doi.org/10.1007/978-3-319-72395-2_8


  • DOI: https://doi.org/10.1007/978-3-319-72395-2_8


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-72394-5

  • Online ISBN: 978-3-319-72395-2

  • eBook Packages: Computer Science (R0)
