Syn Flood Attack Detection and Type Distinguishing Mechanism Based on Counting Bloom Filter

Document record

Date

October 4, 2015

Relations

This document is related to:
info:eu-repo/semantics/altIdentifier/doi/10.1007/978-3-319-24315-3_4

Collection

Open archives

Licenses

http://creativecommons.org/licenses/by/ , info:eu-repo/semantics/OpenAccess




Cite this document

Tomáš Halagan et al., "Syn Flood Attack Detection and Type Distinguishing Mechanism Based on Counting Bloom Filter", HAL-SHS : sciences de l'information, de la communication et des bibliothèques, ID: 10.1007/978-3-319-24315-3_4


Abstract (EN)

The presented work focuses on the proposal, implementation and evaluation of a new method for detection and type identification of SYN flood (DoS) attacks. The method allows distinguishing the type of detected SYN flood attacks: random, subnet or fixed. Based on a Counting Bloom filter, the attack detection and identification algorithm is proposed, implemented and evaluated in the KaTaLyzer network traffic monitoring tool. Proof of correctness of the approach for TCP SYN flood attack detection and type identification is provided, both in practical and theoretical manners. In practice, a new module for KaTaLyzer is implemented, TCP attacks are detected and identified, and the network administrator is notified about them in real time.
