|
| Anomaly Detection of IP Header Threats
|
|
Full
text: |
 PDF(564.6KB) |
|
|
Source |
International Journal of Computer Science and Security (IJCSS) |
|
Table of Contents |
|
|
Download
Complete Issue PDF(4.93MB) |
|
Volume: 4 Issue: 6 |
| |
Pages: 497-610 |
|
Publication
Date: January / February |
|
ISSN
(Online): 1985-1553 |
|
|
|
|
|
Pages |
497 - 504 |
|
Author(s) |
|
|
|
Published
Date |
08-02-2011 |
|
Publisher |
CSC
Journals, Kuala Lumpur,
Malaysia |
|
ADDITIONAL
INFORMATION |
| Keywords Abstract References Cited by Related Articles Collaborative
Colleague |
| |
|
| |
KEYWORDS: TCP SYN Flood, rate-based detection, three-way handshake, IP Header, TCP Header |
|
|
| |
|
|
| This Manuscript is indexed in the following databases/websites:- |
|
| 1. Scribd |
| 2. refSeek |
| 3. Socol@r |
| 4. iSEEK |
| 5. Docstoc |
| 6. Google Scholar |
| 7. WorldCat |
| 8. Libsearch |
| 9. Academic Journals Database |
| 10. ResearchGATE |
| 11. Bielefeld Academic Search Engine (BASE) |
| 12. Directory of Open Access Journals (DOAJ) |
| |
|
| |
|
|
| Threats have become a big problem since the past few years since computer viruses are widely recognized as a significant computer threat. However, the role of Information Technology security must be revisit again since it is too often, IT security managers find themselves in the hopeless situation of trying to uphold a maximum of security as requested from management. While at the same time they are considered an obstacle in the way of developing and introducing new applications into business and government network environments.
This paper will focus on Transmission Control Protocol Synchronize Flooding attack detections using the Internet Protocol header as a platform to detect threats, especially in the IP protocol and TCP protocol, and check packets using anomaly detection system which has many advantages, and applied it under the open source Linux.
The problem is to detect TCP SYN Flood attack through internet security. This paper also focusing on detecting threats in the local network by monitoring all the packets that goes through the networks. The results show that the proposed detection method can detect TCP SYN Flooding in both normal and attacked network and alert the user about the attack after sending the report to the administrator.
As conclusion, TCP SYN Flood and other attacks can be detected through this traffic monitoring tools if the abnormal behaviors of the packets are recognized such as incomplete TCP three-way handshake application and IP header length.
|
| |
|
| |
|
| |
| 1 |
1. ”Using SYN Flood Protection in SonicOS Enhanced”,[online] available at: http://www.sonicwall.com/us/support/2134_3480.html
|
|
|
| 2 |
2. Roesch, Martin, "Snort - Lightweight Intrusion Detection for Networks", Proc. USENIX Lisa '99, Seattle: Nov. 7-12, 1999.
|
|
|
| 3 |
3. Paxson, Vern, "Bro: A System for Detecting Network Intruders in Real-Time", Lawrence Berkeley National Laboratory Proceedings, 7’Th USENIX Security Symposium, Jan. 26-29, 1998, San Antonio TX.
|
|
|
| 4 |
4. Mahoney, M, “Network Traffic Anomaly Detection Based on Packet”, ACM (2003).
|
|
|
| 5 |
5. H. Wang, D. Zhang, K. G. Shin, “Detecting SYN Flooding Attacks “, Proc. INFOCOM IEEE Communications Society, (2002).
|
|
|
| 6 |
6. R. Rao, K., Sumeet, S., & V. George, “On Scalable Attack Detection in the Network”, Networking, IEEE/ACM Transactions on, 15(1):14-25.
|
|
|
| 7 |
7. Beaumont-Gay, M, “A Comparison of SYN Flood Detection Algorithms”, Internet Monitoring and Protection, 2007. ICIMP 2007.
|
|
|
| 8 |
8. V.A. Siris, F.Papagalou. “Application of anomaly detection algorithms for detecting SYN flooding attacks”, Proc. of Globecom, IEEE Communications Society, 2004.
|
|
|
| 9 |
9. “Signature Detection”, [online] available at: http://www.javvin.com/networksecurity/SignatureDetection.html
|
|
|
| 10 |
10. Franciszek, Seredynski & Pascal Bouvry “Anomaly detection in TCP/IP networks using immune systems paradigm”, ELSEVER , Computer Communications 30 (2007) 740–749, _ 2006 Elsevier B.V. All rights reserved.
|
|
|
| 11 |
11. Matthew V. Mahoney and Philip K. Chan, “PHAD: Packet Header Anomaly Detection for Identifying Hostile Network Traffic”, Florida Institute of Technology Technical Report CS-2001-04
|
|
|
| 12 |
12. Signature Detection”, [online] available at: http://www.javvin.com/networksecurity/SignatureDetection.html
|
|
|
| 13 |
13. M. Bykova, S. Ostermann, “Statistical Analysis of Malformed Packets and Their Origins in the Modern Internet”, 2nd Internet Measurent Workshop (IMW 2002), Nov. 2002.
|
|
|
| |
|
| |
|
| |
| |
|
| |
|
| |
| 1 |
yasni
|
| 2 |
silicon.com
|
| 3 |
ZDNet
|
| 4 |
TechRepublic
|
| |
|
| |
|
| |
|
| S. H. C. Haris : Colleagues
|
|
| Ghossoon Mohammed Waleed Al-Saadoon : Colleagues
|
|
| Asso. Prof. Dr. R. B. Ahmad : Colleagues
|
|
| M. A. H. A. Ghani : Colleagues
|
|
