A Novel Syn Flood Detection Mechanism for Wireless Network

SYN flood attack is a distributed denial of service attack (DDoS). This paper presents an effective and more accurate mechanism to detect synflood attack. In the proposed SYN-flood defense mechanism, different transport layer parameters are used to characterize attack, like abnormal increase in SYN packet,SYN-ACK packets, and increase in SYN/FIN rate. Proposed mechanism uses preprocessing and prediction using AR model to predict the traffic. Lyapunov exponent developed using prediction error is used as a threshold to detect attack. Out of the three parameters analyzed using same method, at least two results must be same which is taken as the final decision. To analyze validity of proposed scheme, syn flood attack was created using NS2. Data extracted from trace file, given as an input to the detection scheme developed by MATLAB. Probability of false alarm will be very less, since all the parameters do not show abnormality at the same time in a normal traffic.