Method to detect SYN flood attack

Information security – Monitoring or scanning of software or data including attack... – Intrusion detection

Reexamination Certificate

Details

C709S224000

active

07865954

ABSTRACT:
The invention is a method of predicting a SYN flooding attack on a server. The method tracks the number of SYN signals received (or SYN+ACK signals sent) over the communications port of the server in a specified time interval, the arrival estimation window. The invention then predicts the number of ACK signals expected to be received over the communications port within a prediction window of predetermined length. The prediction may be made at multiple points within the prediction window. The prediction window is offset in time from the arrival estimation window. The prediction of ACK signals to be received is based upon the number of SYN signals received or SYN+ACK signals sent in the arrival estimation window. In one embodiment, a polynomial is fit to the data in the arrival estimation window and extrapolated to the prediction window. The predicted number of ACK signals is compared to the actual number received in the prediction window, and if the difference is in excess of a threshold value, an attack is indicated.
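The polynomial-fit embodiment described in the abstract can be sketched as follows. This is an added example, not code from the patent: the per-interval counters, the window lengths, the one-interval offset, the polynomial degree, the threshold of 50 and the sample traffic are all assumptions chosen for illustration.

```python
# Added illustration of the abstract's fit / extrapolate / compare steps.
# All counts below are constructed sample data, not measurements.

def polyfit(xs, ys, degree):
    """Least-squares polynomial coefficients (lowest power first)."""
    n = degree + 1
    # Augmented normal-equation matrix [A^T A | A^T y].
    m = [[sum(x ** (i + j) for x in xs) for j in range(n)]
         + [sum(y * x ** i for x, y in zip(xs, ys))] for i in range(n)]
    for col in range(n):  # Gauss-Jordan elimination with partial pivoting
        pivot = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[pivot] = m[pivot], m[col]
        for r in range(n):
            if r != col:
                f = m[r][col] / m[col][col]
                m[r] = [a - f * b for a, b in zip(m[r], m[col])]
    return [m[i][n] / m[i][i] for i in range(n)]

def predict_acks(syn_counts, offset, horizon, degree=1):
    """Fit the arrival estimation window, extrapolate into the prediction window.

    Assumption: the prediction window starts `offset` intervals after the last
    interval of the arrival estimation window and spans `horizon` intervals.
    """
    coeffs = polyfit(list(range(len(syn_counts))), syn_counts, degree)
    start = len(syn_counts) - 1 + offset
    return [max(0.0, sum(c * t ** k for k, c in enumerate(coeffs)))
            for t in range(start, start + horizon)]

def detect(syn_counts, ack_counts, offset=1, degree=1, threshold=50):
    """Return (attack_indicated, predicted_minus_actual_acks)."""
    predicted = predict_acks(syn_counts, offset, len(ack_counts), degree)
    shortfall = sum(predicted) - sum(ack_counts)
    return shortfall > threshold, shortfall

# Constructed per-interval counts: SYNs seen in the arrival estimation window,
# ACKs actually seen in the prediction window that follows it.
NORMAL_SYN, NORMAL_ACK = [100, 104, 108, 112, 116], [119, 125, 127]
FLOOD_SYN, FLOOD_ACK = [100, 180, 260, 340, 420], [118, 121, 120]

if __name__ == "__main__":
    print("normal:", detect(NORMAL_SYN, NORMAL_ACK))
    print("flood: ", detect(FLOOD_SYN, FLOOD_ACK))
```

In the flood sample the SYN trend keeps climbing while completing ACKs stay flat, so the predicted ACK count exceeds the observed one by far more than the threshold.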

