A classification approach for adaptive mitigation of SYN flood attacks Preventing performance loss due to SYN flood attacks


Degirmencioglu A., Erdogan H. T. , Mizani M. A. , Yilmaz O.

IEEE/IFIP Network Operations and Management Symposium (NOMS), İstanbul, Turkey, 25 - 29 April 2016, pp.1109-1112 identifier

  • Publication Type: Conference Paper / Full Text
  • City: İstanbul
  • Country: Turkey
  • Page Numbers: pp.1109-1112

Abstract

SYN flood is a commonly used Distributed Denial of Service (DDoS) attack. SYN flood DDoS attacks consume considerable amount of resources in the target machine. Even with straightforward mitigation solutions, any attack causes resource waste and performance loss in the server, rendering it unable to provide service to legitimate clients. We propose an approach for SYN flood attack mitigation based on supervised learning classification methods which identify and block SYN flood traffic before they reach their target, hence preventing resource consumption and loss of performance. At this stage, our method identifies SYN flood attack and applies the classifier models in batch mode. This method chooses the classifiers and adjusts the parameters according to the policies and the changing characteristics of SYN flood attack.