A classification approach for adaptive mitigation of SYN flood attacks Preventing performance loss due to SYN flood attacks

2016-04-29
Degirmencioglu, Alptugay
Erdogan, Hasan Tugrul
Mizani, Mehrdad A.
Yilmaz, Oguz
SYN flood is a commonly used Distributed Denial of Service (DDoS) attack. SYN flood DDoS attacks consume considerable amount of resources in the target machine. Even with straightforward mitigation solutions, any attack causes resource waste and performance loss in the server, rendering it unable to provide service to legitimate clients. We propose an approach for SYN flood attack mitigation based on supervised learning classification methods which identify and block SYN flood traffic before they reach their target, hence preventing resource consumption and loss of performance. At this stage, our method identifies SYN flood attack and applies the classifier models in batch mode. This method chooses the classifiers and adjusts the parameters according to the policies and the changing characteristics of SYN flood attack.

Suggestions

An Empirical Investigation of DDoS and Flash Event Detection Using Shannon Entropy, KOAD and SVM Combined
Daneshgadeh, Salva; Kemmerich, Thomas; Ahmed, Tarem; Baykal, Nazife (2019-01-01)
In the world of internet and communication technologies where our personal and business lives are inextricably tied to internet enabled services and applications, Distributed Denial of Service (DDoS) attacks continue to adversely affect the availability of these services and applications. Many frameworks have been presented in academia and industry to predict, detect and defend against DDoS attacks. The available solutions try to protect online services from DDoS attacks, but as yet there is no best-practic...
A Hybrid Approach to Detect DDoS Attacks Using KOAD and the Mahalanobis Distance
Daneshgadeh, Salva; Kemmerich, Thomas; Ahmed, Tarem; Baykal, Nazife (2018-11)
Distributed Denial of Service (DDoS) attacks continue to adversely affect internet-based services and applications. Various approaches have been proposed to detect different types of DDoS attacks. The computational and memory complexities of most algorithms, however prevent them from being employed in online manner. In this paper, we propose a novel victim end online DDoS attack detection framework based on the celebrated Kernel-based Online Anomaly Detection (KOAD) algorithm and the Mahalanobis distance. W...
An Entropy based DDoS detection method and implementation
Yücebaş, Süleyman Fürkan; Betin Can, Aysu; Department of Cyber Security (2019)
Distributed Denial of Service (DDoS) is a cyber attack type involving multiple computer sources which aims to temporarily or permanently deactivate the service provided by a device. This attack type has been listed multiple times as the most used attack types and has a great portion in all types of cyber attacks. Also, these attacks are increasing day by day and poses a threat for cyber security ecosystem. In today's world, these attacks target worldwide organizations and cause them to suffer. DDoS attacks ...
A novel online approach to detect DDOS attacks using mahalanobis distance and Kernel-based learning
Daneshgadeh Çakmakçı, Salva; Baykal, Nazife; Department of Information Systems (2019)
Distributed denial-of-service (DDoS) attacks are continually evolving as the computer and networking technologies and attackers’ motivations are changing. In recent years, several supervised DDoS detection algorithms have been proposed. However, these algorithms require a priori knowledge of the classes and cannot automatically adapt to the frequently changing network traffic trends. This emphasizes the need for the development of new DDoS detection mechanisms that target zero-day and sophisticated DDoS att...
DDoS Attack Modeling and Detection Using SMO
Daneshgadeh, Salva; Baykal, Nazife; Ertekin Bolelli, Şeyda (2017-12-21)
Over the last decade, Distributed Denial of Service (DDoS) attacks have been employed to cause huge financial and prestige loss to different kinds of e-business. Attackers also target governmental websites using DDoS attacks as a new weapon in the world of cyber war. The importance of the issue has inspired many researchers from academia and the industry to provide solutions to this type of challenging attack. In this study, we simulated DDoS attacks in a virtual lab and then collected firewall logs from th...
Citation Formats
A. Degirmencioglu, H. T. Erdogan, M. A. Mizani, and O. Yilmaz, “A classification approach for adaptive mitigation of SYN flood attacks Preventing performance loss due to SYN flood attacks,” 2016, p. 1109, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/67805.