Synmon architecture for source-based SYN-flooding defense on network processor
Distributed denial-of-service attacks remains inflict damage to the Internet services, after almost five years since its large-scale explosion. The demand for robust and high-speed firewall has led to the advent of hardware-based DDoS defense system. Network processor is becoming the cornerstone of...
| Main Authors: | , |
|---|---|
| Format: | Article |
| Published: |
2005
|
| Subjects: | |
| Online Access: | http://shdl.mmu.edu.my/2405/ |
| _version_ | 1848790046944002048 |
|---|---|
| author | Lim,, BP Uddin,, MS |
| author_facet | Lim,, BP Uddin,, MS |
| author_sort | Lim,, BP |
| building | MMU Institutional Repository |
| collection | Online Access |
| description | Distributed denial-of-service attacks remains inflict damage to the Internet services, after almost five years since its large-scale explosion. The demand for robust and high-speed firewall has led to the advent of hardware-based DDoS defense system. Network processor is becoming the cornerstone of many new firewall designs due to its programmability and high performance packet processing ability. In this paper, we propose an innovative and practical syn-flooding defense system built on network processor. An embedded architecture, called synmon is proposed. We characterize our solution as a source-based autonomous system which resides in upstream border routers. It detects wide-range of attacks and blocks large portion of attack traffic before flooding into core network. Change-point detection algorithm is employed to detect occurrence of syn-flooding attack. It performs per-flow attack detection based on SYN and ACK packets exchanged in TCP friendly flow. A fuzzy-based adaptive rate-limiting mechanism is proposed to restrict intensity of outgoing SYN packets. Under the per-flow mitigation scheme, while the attacker is penalized with limited outgoing connection, the legitimate clients in the same subnet are free from collateral damage. A hardware prototype of synmon embedded router is developed. We demonstrate that the synmon architecture seamlessly integrates with common routing tasks while providing cost-effective service for SYN-flooding defense system on network processor platform. |
| first_indexed | 2025-11-14T18:06:24Z |
| format | Article |
| id | mmu-2405 |
| institution | Multimedia University |
| institution_category | Local University |
| last_indexed | 2025-11-14T18:06:24Z |
| publishDate | 2005 |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | mmu-24052011-08-22T03:03:05Z http://shdl.mmu.edu.my/2405/ Synmon architecture for source-based SYN-flooding defense on network processor Lim,, BP Uddin,, MS TK5101-6720 Telecommunication. Including telegraphy, telephone, radio, radar, television Distributed denial-of-service attacks remains inflict damage to the Internet services, after almost five years since its large-scale explosion. The demand for robust and high-speed firewall has led to the advent of hardware-based DDoS defense system. Network processor is becoming the cornerstone of many new firewall designs due to its programmability and high performance packet processing ability. In this paper, we propose an innovative and practical syn-flooding defense system built on network processor. An embedded architecture, called synmon is proposed. We characterize our solution as a source-based autonomous system which resides in upstream border routers. It detects wide-range of attacks and blocks large portion of attack traffic before flooding into core network. Change-point detection algorithm is employed to detect occurrence of syn-flooding attack. It performs per-flow attack detection based on SYN and ACK packets exchanged in TCP friendly flow. A fuzzy-based adaptive rate-limiting mechanism is proposed to restrict intensity of outgoing SYN packets. Under the per-flow mitigation scheme, while the attacker is penalized with limited outgoing connection, the legitimate clients in the same subnet are free from collateral damage. A hardware prototype of synmon embedded router is developed. We demonstrate that the synmon architecture seamlessly integrates with common routing tasks while providing cost-effective service for SYN-flooding defense system on network processor platform. 2005 Article NonPeerReviewed Lim,, BP and Uddin,, MS (2005) Synmon architecture for source-based SYN-flooding defense on network processor. 2005 Asia-Pacific Conference on Communications (APCC), Vols 1& 2. pp. 995-999. |
| spellingShingle | TK5101-6720 Telecommunication. Including telegraphy, telephone, radio, radar, television Lim,, BP Uddin,, MS Synmon architecture for source-based SYN-flooding defense on network processor |
| title | Synmon architecture for source-based SYN-flooding defense on network processor |
| title_full | Synmon architecture for source-based SYN-flooding defense on network processor |
| title_fullStr | Synmon architecture for source-based SYN-flooding defense on network processor |
| title_full_unstemmed | Synmon architecture for source-based SYN-flooding defense on network processor |
| title_short | Synmon architecture for source-based SYN-flooding defense on network processor |
| title_sort | synmon architecture for source-based syn-flooding defense on network processor |
| topic | TK5101-6720 Telecommunication. Including telegraphy, telephone, radio, radar, television |
| url | http://shdl.mmu.edu.my/2405/ |