Abstract—In this paper, we propose an accurate sampling
scheme for defeating SYN flooding attacks as well as TCP
portscan activity. The scheme examines TCP segments to find
at least one of multiple ACK segments coming from the server
to validate legitimate connections. The method achieves good
detection performance with a false positive rate close to zero even
for very low sampling rates. Our trace-based simulations show
that the effectiveness of the proposed scheme depends only on the
sampling rate, regardless of the sampling method.