SYN Flood Attack Detection Usiing AR Model

Document Type : Original Article

Authors

1 Dept. of Electronics and Electrical Communications, Faculty of Electronic Engineering, Menoufia University.

2 Computer Science and Eng., Faculty of Electronic Eng., Menoufia University.

Abstract

Due to the sophisticated characteristics of auto-regressive (AR)
modeling approach, it finds applications in most anomaly detection
processes. This paper extends the concept of AR modeling to
create models for the estimated auto-correlation between data and
control planes packet counts of the network traffic. These models
are fed with the anomaly traffic containing SYN flood attack. The
estimated residuals in these scenarios are used as indicators for
the attacks. Simulation results revealed the success of attack
detection using the proposed approach.

Keywords

References

h: 0px; "> [1] M. Manna and A. Amphawan “Review Of Syn-Flooding Attack Detection
Mechanism,” International Journal of Distributed and Parallel Systems
(IJDPS), Vol.3, No.1, January 2012.
[2] https://en.wikipedia.org/wiki/SYN_flood (Access date Dec. 3, 2017)
[3] B. AsSadhan, H. Kim, J. Moura, and X. Wang, “Network Traffic Behavior
Analysis by Decomposition into Control and Data Planes,"
InternationalWorkshop on Security in Systems and Networks (SSN) with
conjunction of IEEE International Parallel and Distributed Processing
Symposium (IPDPS), Miami, FL, USA, Apr. 18, 2008.
[4] http://en.wikipedia.org/wiki/Cross-correlation (Access date Dec.
3, 2017.
[5] A. Aibinu and J. Salami, A. Shafie , A. Najeeb “Comparing Autoregressive
Moving Average (ARMA) coefficients determination using Artificial
Neural Networks with other techniques” World Academy of Science,
Engineering and Technology, 18, 2008.
[6] http://en.wikipedia.org/wiki/Autoregressive_model (Access
date Dec. 3, 2017).

Files

Share

How to cite

Statistics