Review of syn-flooding attack detection mechanism
This is an incremental review paper that synthesizes existing knowledge on SYN flooding detection for network security practitioners.
This paper reviews state-of-the-art detection mechanisms for SYN flooding attacks, a type of Denial of Service threat that can delay server access and waste resources in critical services like e-commerce and healthcare, by classifying and comparing schemes based on router data structures, statistical analysis, and artificial intelligence.
Denial of Service (DoS) is a security threat which compromises the confidentiality of information stored in Local Area Networks (LANs) due to unauthorized access by spoofed IP addresses. SYN flooding is a type of DoS which is harmful to the network, as the flood of packets may delay other users from accessing the server and, in severe cases, the server may need to be shut down, wasting valuable resources, especially in critical real-time services such as e-commerce and the medical field. The objective of this paper is to review the state of the art in detection mechanisms for SYN flooding. The detection schemes for SYN flooding attacks have been classified broadly into three categories: detection schemes based on the router data structure, detection schemes based on statistical analysis of the packet flow, and detection schemes based on artificial intelligence. The advantages and disadvantages of the various detection schemes under each category have been critically examined. The performance measures of the categories have also been compared.