ICNS 2011, The Seventh International Conference on Networking and Services
Stateful or Stateless Flooding Attack Detection?
Authors:
Martine Bellaïche
Jean-Charles Grégoire
Keywords: Denial of Service; SYN Flooding; TCP Handshake; Network Security.
Abstract:
SYN flooding attacks exploit the 3-way handshake characteristic of TCP connection setup to cause denials of service. Many techniques have been proposed for the detection of flooding attacks; most are stateless while a few are stateful. A stateful method keeps specific information on flows of packets while stateless methods will only keep counters on specific packet features. The low performance impact of stateless methods has led to their predominance in practical deployments. We introduce a methodology to support a comparison between methods, which allows us to quantify all key factors that can be used to assess and compare performance, and to see how they can be built into a metric. In this article, we evaluate and compare the performance of two key DoS detection techniques, one stateless and one stateful, and investigate their relative merits.
Pages: 208 to 212
Copyright: Copyright (c) IARIA, 2011
Publication date: May 22, 2011
Published in: conference
ISSN: 2308-4006
ISBN: 978-1-61208-133-5
Location: Venice/Mestre, Italy
Dates: from May 22, 2011 to May 27, 2011