Statistical-Based SYN-Flooding Detection Using Programmable Network Processor

I
ICITA
2005
Third International Conference on Information Technology and Applications (ICITA'05) Volume 2
Abstract - Statistical-Based SYN-Flooding Detection Using Programmable Network Processor

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by BoonPing Lim Articles by Md. Safi Uddin

Third International Conference on Information Technology and Applications (ICITA'05) Volume 2

Sydney, Australia

July 04-July 07

ISBN: 0-7695-2316-1

	ASCII Text	x
	BoonPing Lim, Md. Safi Uddin, "Statistical-Based SYN-Flooding Detection Using Programmable Network Processor," Information Technology and Applications, International Conference on, vol. 2, pp. 465-470, Third International Conference on Information Technology and Applications (ICITA'05) Volume 2, 2005.

	BibTex	x
	@article{ 10.1109/ICITA.2005.262, author = {BoonPing Lim and Md. Safi Uddin}, title = {Statistical-Based SYN-Flooding Detection Using Programmable Network Processor}, journal ={Information Technology and Applications, International Conference on}, volume = {2}, year = {2005}, isbn = {0-7695-2316-1}, pages = {465-470}, doi = {http://doi.ieeecomputersociety.org/10.1109/ICITA.2005.262}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Information Technology and Applications, International Conference on TI - Statistical-Based SYN-Flooding Detection Using Programmable Network Processor SN - 0-7695-2316-1 SP465 EP470 A1 - BoonPing Lim, A1 - Md. Safi Uddin, PY - 2005 KW - network security KW - network processor KW - SYN-flooding KW - non-parametric CUSUM KW - token bucket filtering VL - 2 JA - Information Technology and Applications, International Conference on ER -

BoonPing Lim, Multimedia University

Md. Safi Uddin, Multimedia University

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ICITA.2005.262

With the growing use of broadband Internet, the demand for hardware-based intrusion detection system (IDS) is exploding. Network processor is poised to be the future platform for hardware-based IDS and firewall due to its programmability and capability to process packets at wire speed. In this paper, we explore the practical implementation of statistical-based SYN-flooding detection system in a network processor-based router. An embedded architecture, called synmon is proposed. We employ an instance of change-point detection, non-parametric Cumulative Sum (CUSUM) algorithm, for SYNflooding detection. It performs per-flow attack detection based on SYN and ACK packets exchanged in TCP friendly flow. A prototype of synmon embedded forwarder is developed and the performance of synmon under different attack patterns, network loads, sampling interval and tuning parameters is investigated. We demonstrate that the synmon architecture seamlessly integrates with common forwarding tasks while providing cost-effective service for SYN-flooding detection on network processor platform.

Index Terms:

network security, network processor, SYN-flooding, non-parametric CUSUM, token bucket filtering

Citation:

BoonPing Lim, Md. Safi Uddin, "Statistical-Based SYN-Flooding Detection Using Programmable Network Processor," icita, vol. 2, pp.465-470, Third International Conference on Information Technology and Applications (ICITA'05) Volume 2, 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.