Conference papers

Syn Flood Attack Detection and Type Distinguishing Mechanism Based on Counting Bloom Filter

Abstract : The presented work focuses on the proposal, implementation and evaluation of a new method for the detection and type identification of SYN flood (DoS) attacks. The method makes it possible to distinguish the type of a detected SYN flood attack: random, subnet or fixed. An attack detection and identification algorithm based on a Counting Bloom filter is proposed, implemented and evaluated in the KaTaLyzer network traffic monitoring tool. Proof of correctness of the approach for TCP SYN flood attack detection and type identification is provided, both in practical and theoretical manners. In practice, a new module for KaTaLyzer is implemented; TCP attacks are detected and identified, and the network administrator is notified about them in real time.

Cited literature [14 references]

Contributor : Hal Ifip
Submitted on : Monday, February 13, 2017 - 2:31:51 PM
Last modification on : Thursday, March 5, 2020 - 4:47:13 PM
Long-term archiving on : Sunday, May 14, 2017 - 2:02:01 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Tomáš Halagan, Tomáš Kováčik, Peter Trúchly, Andrej Binder. Syn Flood Attack Detection and Type Distinguishing Mechanism Based on Counting Bloom Filter. 3rd International Conference on Information and Communication Technology-EurAsia (ICT-EURASIA) and 9th International Conference on Research and Practical Issues of Enterprise Information Systems (CONFENIS), Oct 2015, Daejon, South Korea. pp.30-39, ⟨10.1007/978-3-319-24315-3_4⟩. ⟨hal-01466237⟩


