Table of Contents
- Abstract
- Keywords
- Introduction
- SYN traffic
- SYN/FIN rate
- Anomaly in SYN-ACK rate
- Proposed scheme for detecting distributed denial-of-service SYN flood attacks
- SYN flood attack detection method
- Working of the SYN flood attack detection scheme
- Result analysis
- Normal traffic behavior
- SYN flood attack detection
- Conclusion
Abstract
A SYN flood attack is a distributed denial-of-service (DDoS) attack. This paper presents an effective and more accurate mechanism for detecting SYN flood attacks. The proposed SYN flood defense mechanism characterizes an attack using several transport-layer parameters: an abnormal increase in SYN packets, an abnormal increase in SYN-ACK packets, and an increase in the SYN/FIN rate. The mechanism preprocesses the traffic and predicts it with an autoregressive (AR) model. A Lyapunov exponent derived from the prediction error is used as the threshold for detecting an attack. The three parameters are analyzed with the same method, and at least two of the results must agree; that agreement is taken as the final decision. To validate the proposed scheme, a SYN flood attack was created using NS2. Data extracted from the trace file was given as input to the detection scheme, which was developed in MATLAB. The probability of a false alarm is very low, since in normal traffic all the parameters do not show abnormality at the same time.
Conclusions
SYN flood attacks are one of the major security issues in infrastructure-less networks such as MANETs. The defense mechanism uses different transport-layer abnormalities. Each node uses an algorithm based on the preprocessing network traffic predicted method and chaos theory to detect a SYN flood attack. The victim node combines the opinions of other nodes and makes a decision about the presence of an attack. The method is less vulnerable to false alarms. False alarms are reduced by monitoring three different parameters and analyzing them simultaneously using the same method. The final decision is based on the majority result. The proposed mechanism defends against SYN flood attacks in MANETs better than the existing mechanisms.
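The detection pipeline summarized in the abstract (AR prediction, a Lyapunov-style exponent on the prediction error, and a two-of-three vote across SYN count, SYN-ACK count and SYN/FIN rate) can be sketched as follows. This is an added example, not the paper's MATLAB code: the page gives no formulas, so the AR(1) order, the exponent estimate, the window length, the threshold and all sample values are assumptions chosen for illustration.

```python
import math

def fit_ar1(train):
    """Least-squares AR(1) with intercept: x[t] ~ a + b * x[t-1] (order assumed)."""
    x, y = train[:-1], train[1:]
    mx, my = sum(x) / len(x), sum(y) / len(y)
    var = sum((u - mx) ** 2 for u in x)
    b = sum((u - mx) * (v - my) for u, v in zip(x, y)) / var if var else 0.0
    return my - b * mx, b

def local_exponent(errors, eps):
    """Average log growth rate of |prediction error| over one window (assumed estimate)."""
    growth = (abs(errors[-1]) + eps) / (abs(errors[0]) + eps)
    return math.log(growth) / (len(errors) - 1)

def parameter_abnormal(series, train_len, window=4, threshold=1.0):
    """True if the prediction error diverges anywhere after the training part."""
    a, b = fit_ar1(series[:train_len])
    err = [series[t] - (a + b * series[t - 1]) for t in range(1, len(series))]
    base, live = err[:train_len - 1], err[train_len - 1:]
    eps = sum(abs(e) for e in base) / len(base) or 1e-9  # baseline noise floor
    return any(local_exponent(live[i:i + window], eps) > threshold
               for i in range(len(live) - window + 1))

def syn_flood_detected(syn, syn_ack, syn_fin_rate, train_len):
    """Majority rule from the abstract: at least two of three must agree."""
    votes = [parameter_abnormal(s, train_len) for s in (syn, syn_ack, syn_fin_rate)]
    return sum(votes) >= 2, votes

# Constructed per-interval samples (not data from the paper).
def baseline(center, swing, n):
    return [center + swing * (0, 1, 0, -1)[i % 4] for i in range(n)]

TRAIN = 17  # number of leading samples treated as known-normal traffic
NORMAL = (baseline(100, 4, 25), baseline(90, 4, 25), baseline(1.0, 0.1, 25))
FLOOD = (baseline(100, 4, 20) + [300, 900, 2700],
         baseline(90, 4, 20) + [280, 850, 2500],
         baseline(1.0, 0.1, 20) + [3.0, 9.0, 27.0])
ONE_SPIKE = (FLOOD[0], NORMAL[1], NORMAL[2])  # only the SYN count deviates

if __name__ == "__main__":
    for name, case in (("normal", NORMAL), ("flood", FLOOD), ("one spike", ONE_SPIKE)):
        print(name, syn_flood_detected(*case, TRAIN))
```

The single-parameter case shows why the vote lowers false alarms: one diverging series alone does not produce an attack verdict.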