Park et al., 2003 - Google Patents
Design of an extended TCP for preventing DOS attacksPark et al., 2003
- Document ID
- 40525243530481325
- Author
- Park Z
- Lee J
- Kim M
- Publication year
- Publication venue
- 7th Korea-Russia International Symposium on Science and Technology, Proceedings KORUS 2003.(IEEE Cat. No. 03EX737)
External Links
Snippet
Denial of Service (DoS) attacks have become, in today's Internet, one of the most difficult issues to address. In the DoS attacks, the attackers consume all of the computing or communication resources that are needed for providing the services. TCP has drawbacks in …
- 235000010384 tocopherol 0 title abstract description 65
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Application independent communication protocol aspects or techniques in packet data networks
- H04L69/30—Definitions, standards or architectural aspects of layered protocol stacks
- H04L69/32—High level architectural aspects of 7-layer open systems interconnection [OSI] type protocol stacks
- H04L69/322—Aspects of intra-layer communication protocols among peer entities or protocol data unit [PDU] definitions
- H04L69/329—Aspects of intra-layer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer, i.e. layer seven
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0254—Stateful filtering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Application independent communication protocol aspects or techniques in packet data networks
- H04L69/16—Transmission control protocol/internet protocol [TCP/IP] or user datagram protocol [UDP]
- H04L69/161—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Application independent communication protocol aspects or techniques in packet data networks
- H04L69/16—Transmission control protocol/internet protocol [TCP/IP] or user datagram protocol [UDP]
- H04L69/163—Adaptation of TCP data exchange control procedures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network-specific arrangements or communication protocols supporting networked applications
- H04L67/02—Network-specific arrangements or communication protocols supporting networked applications involving the use of web-based technology, e.g. hyper text transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network-specific arrangements or communication protocols supporting networked applications
- H04L67/28—Network-specific arrangements or communication protocols supporting networked applications for the provision of proxy services, e.g. intermediate processing or storage in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network-specific arrangements or communication protocols supporting networked applications
- H04L67/10—Network-specific arrangements or communication protocols supporting networked applications in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Application independent communication protocol aspects or techniques in packet data networks
- H04L69/12—Protocol engines, e.g. VLSIs or transputers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/102—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Harris et al. | TCP/IP security threats and attack methods | |
| KR100431231B1 (en) | Method and system for defeating tcp syn flooding attacks | |
| US6775704B1 (en) | System and method for preventing a spoofed remote procedure call denial of service attack in a networked computing environment | |
| US7234161B1 (en) | Method and apparatus for deflecting flooding attacks | |
| KR101054705B1 (en) | Method and apparatus for detecting port scans with counterfeit source addresses | |
| US9633202B2 (en) | Managing a DDoS attack | |
| CN101072106B (en) | Method and system for defending against denial of service attacks | |
| US8132018B2 (en) | Techniques for password attack mitigation | |
| AU2005207632B2 (en) | Upper-level protocol authentication | |
| Wang et al. | Syn-dog: Sniffing syn flooding sources | |
| JP4373306B2 (en) | Method and apparatus for preventing distributed service denial attack against TCP server by TCP stateless hog | |
| Thing et al. | A survey of bots used for distributed denial of service attacks | |
| CN102014110A (en) | Method for authenticating communication flows, communication system and protective device | |
| Kavisankar et al. | A mitigation model for TCP SYN flooding with IP spoofing | |
| Kumarasamy et al. | An active defense mechanism for TCP SYN flooding attacks | |
| Safa et al. | A collaborative defense mechanism against SYN flooding attacks in IP networks | |
| Park et al. | Design of an extended TCP for preventing DOS attacks | |
| Singh et al. | Analysis of Botnet behavior using Queuing theory | |
| Djalaliev et al. | Sentinel: hardware-accelerated mitigation of bot-based DDoS attacks | |
| US10079857B2 (en) | Method of slowing down a communication in a network | |
| Kavisankar et al. | CNoA: Challenging Number Approach for uncovering TCP SYN flooding using SYN spoofing attack | |
| Srivatsa et al. | A client-transparent approach to defend against denial of service attacks | |
| Leu et al. | Intrusion detection with CUSUM for TCP-based DDoS | |
| US8024801B2 (en) | Networked computer system with reduced vulnerability to directed attacks | |
| Smith et al. | Comparison of operating system implementations of SYN flood defenses (cookies) |