Adaptive Timer-Based Countermeasures against TCP SYN Flood Attacks

Access this Article

Search this Article



As a result of the rapid development of the Internet in recent years, network security has become an urgent issue. Distributed denial of service (DDoS) attacks are one of the most serious security issues. In particular, 60 percent of the DDoS attacks found on the Internet are TCP attacks, including SYN flood attacks. In this paper, we propose adaptive timer-based countermeasures against SYN flood attacks. Our proposal utilizes the concept of soft-state protocols that are widely used for resource management on the Internet. In order to avoid deadlock, a server releases resources using a time-out mechanism without any explicit requests from its clients. If we change the value of the timer in accordance with the network conditions, we can add more flexibility to the soft-state protocols. The timer is used to manage the resources assigned to half-open connections in a TCP 3-way handshake mechanism, and its value is determined adaptively according to the network conditions. In addition, we report our simulation results to show the effectiveness of our approach.


  • IEICE Transactions on Communications

    IEICE Transactions on Communications 95(3), 866-875, 2012-03-01

    The Institute of Electronics, Information and Communication Engineers

References:  25


Page Top