Defense Against TCP Flooding Attack

Seungyong Yoon; Ikkyun Kim; Jintae Oh; Jongsoo Jang

doi:10.5220/0004119604160420

Defense Against TCP Flooding Attack

Seungyong Yoon, Ikkyun Kim, Jintae Oh, Jongsoo Jang

2012

Abstract

This paper generally relates to a DDoS attack prevention method, more particularly, to a Transmission Control Protocol (TCP) flooding attack prevention method which defines several session states based on the type and direction of a packet, tracks the session state for each flow, and detects and responds to a flooding attack. An anti-DDoS system with a capacity of 20Gbps throughput, we call ‘ALADDIN’ system, was implemented in FPGA based reconfigurable hardware. The possibility of high-speed hardware implementation was shown in this paper. The system was tested using existing DDoS attack tools in 8Gbps of background traffic. According to the test results, TCP flooding attacks could be defended through our proposed method rapidly and accurately.

Download

Paper Citation

in Harvard Style

Yoon S., Oh J., Kim I. and Jang J. (2012). Defense Against TCP Flooding Attack . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012) ISBN 978-989-8565-24-2, pages 416-420. DOI: 10.5220/0004119604160420

in Bibtex Style

@conference{secrypt12,
author={Seungyong Yoon and Jintae Oh and Ikkyun Kim and Jongsoo Jang},
title={Defense Against TCP Flooding Attack},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)},
year={2012},
pages={416-420},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004119604160420},
isbn={978-989-8565-24-2},
}

in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)
TI - Defense Against TCP Flooding Attack
SN - 978-989-8565-24-2
AU - Yoon S.
AU - Oh J.
AU - Kim I.
AU - Jang J.
PY - 2012
SP - 416
EP - 420
DO - 10.5220/0004119604160420