Statistical-based SYN-flooding detection using programmable network processor
With the growing use of broadband Internet, the demand for hardware-based intrusion detection system (IDS) is exploding. Network processor is poised to be the future platform for hardware-based IDS and firewall due to its programmability and capability to process packets at wire speed. In this paper...
| Main Authors: | , |
|---|---|
| Format: | Article |
| Published: |
2005
|
| Subjects: | |
| Online Access: | http://shdl.mmu.edu.my/2391/ |
| _version_ | 1848790043250917376 |
|---|---|
| author | Lim, , BP Uddin,, MS |
| author_facet | Lim, , BP Uddin,, MS |
| author_sort | Lim, , BP |
| building | MMU Institutional Repository |
| collection | Online Access |
| description | With the growing use of broadband Internet, the demand for hardware-based intrusion detection system (IDS) is exploding. Network processor is poised to be the future platform for hardware-based IDS and firewall due to its programmability and capability to process packets at wire speed. In this paper, we explore the practical implementation of statistical-based SYN-flooding detection system in a network processor-based router. An embedded architecture, called synmon is proposed We employ an instance of change-point detection, non-parametric Cumulative Sum (CUSUM) algorithm, for SYN-flooding detection. It performs per-flow attack detection based on SYN and ACK packets exchanged in TCP friendly flow. A prototype of synmon embedded forwarder is developed and the performance of synmon under different attack patterns, network loads, sampling interval and tuning parameters is investigated We demonstrate that the synmon architecture seamlessly integrates with common forwarding tasks while providing cost-effective service for SYN-flooding detection on network processor platform. |
| first_indexed | 2025-11-14T18:06:20Z |
| format | Article |
| id | mmu-2391 |
| institution | Multimedia University |
| institution_category | Local University |
| last_indexed | 2025-11-14T18:06:20Z |
| publishDate | 2005 |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | mmu-23912011-08-22T03:12:37Z http://shdl.mmu.edu.my/2391/ Statistical-based SYN-flooding detection using programmable network processor Lim, , BP Uddin,, MS QA75.5-76.95 Electronic computers. Computer science With the growing use of broadband Internet, the demand for hardware-based intrusion detection system (IDS) is exploding. Network processor is poised to be the future platform for hardware-based IDS and firewall due to its programmability and capability to process packets at wire speed. In this paper, we explore the practical implementation of statistical-based SYN-flooding detection system in a network processor-based router. An embedded architecture, called synmon is proposed We employ an instance of change-point detection, non-parametric Cumulative Sum (CUSUM) algorithm, for SYN-flooding detection. It performs per-flow attack detection based on SYN and ACK packets exchanged in TCP friendly flow. A prototype of synmon embedded forwarder is developed and the performance of synmon under different attack patterns, network loads, sampling interval and tuning parameters is investigated We demonstrate that the synmon architecture seamlessly integrates with common forwarding tasks while providing cost-effective service for SYN-flooding detection on network processor platform. 2005 Article NonPeerReviewed Lim, , BP and Uddin,, MS (2005) Statistical-based SYN-flooding detection using programmable network processor. Third International Conference on Information Technology and Applications, Vol 2, Proceedings . pp. 465-470. |
| spellingShingle | QA75.5-76.95 Electronic computers. Computer science Lim, , BP Uddin,, MS Statistical-based SYN-flooding detection using programmable network processor |
| title | Statistical-based SYN-flooding detection using programmable network processor |
| title_full | Statistical-based SYN-flooding detection using programmable network processor |
| title_fullStr | Statistical-based SYN-flooding detection using programmable network processor |
| title_full_unstemmed | Statistical-based SYN-flooding detection using programmable network processor |
| title_short | Statistical-based SYN-flooding detection using programmable network processor |
| title_sort | statistical-based syn-flooding detection using programmable network processor |
| topic | QA75.5-76.95 Electronic computers. Computer science |
| url | http://shdl.mmu.edu.my/2391/ |