Detect SYN Flooding Attack in Edge Routers
Source: Zhejiang Gongshang University
Distributed Denial-of-Service (DDoS) attacks pose a serious threat to Internet security. Traditional detection methods rely on passively detecting an attack signature and are inaccurate in the early stages of an attack. This paper proposes a novel defense mechanism that uses the edge routers connecting end hosts to the Internet to store and check whether each outgoing SYN or ACK segment, or incoming SYN/ACK segment, is valid. This is accomplished by maintaining a mapping table of the outgoing SYN segments and incoming SYN/ACK segments and by building a database of destination and source IP addresses. Simulation results show that the approach presented in this paper yields accurate DDoS alarms at an early stage.
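As an added illustration (not code from the paper), the Python sketch below shows one way an edge router could keep the mapping table the abstract describes: it pairs each outgoing SYN with the incoming SYN/ACK and the closing outgoing ACK, and raises an alarm on unmatched segments. The timeout, the threshold, all names and the sample segments are assumptions; the paper's own algorithm and its IP address database are not detailed on this page.

```python
from collections import Counter

SYN, ACK = 0x02, 0x10   # TCP flag bits
TIMEOUT = 3.0           # assumed: seconds allowed for a handshake to complete
THRESHOLD = 3           # assumed: expired half-open entries per destination before alarm

class EdgeSynTracker:
    """Hypothetical edge-router table pairing outgoing SYNs with incoming SYN/ACKs."""
    def __init__(self):
        self.pending = {}           # (src, sport, dst, dport) -> [syn_time, synack_seen]
        self.half_open = Counter()  # destination IP -> handshakes that never completed

    def observe(self, ts, direction, src, sport, dst, dport, flags):
        """Feed one TCP segment seen at the router; return alarms it raised."""
        alarms = self._expire(ts)
        key = (src, sport, dst, dport)
        if direction == "out" and flags & SYN and not flags & ACK:
            self.pending[key] = [ts, False]
        elif direction == "in" and flags & SYN and flags & ACK:
            entry = self.pending.get((dst, dport, src, sport))  # reversed 4-tuple
            if entry:
                entry[1] = True
            else:
                alarms.append(f"unsolicited SYN/ACK from {src}")
        elif direction == "out" and flags & ACK and self.pending.get(key, [0, False])[1]:
            del self.pending[key]   # three-way handshake completed
        return alarms

    def _expire(self, now):
        alarms = []
        for key, (t0, _) in list(self.pending.items()):
            if now - t0 > TIMEOUT:  # handshake never completed within TIMEOUT
                del self.pending[key]
                self.half_open[key[2]] += 1
                if self.half_open[key[2]] == THRESHOLD:
                    alarms.append(f"possible SYN flood toward {key[2]}")
        return alarms

def run_sample():
    """Replay constructed segments (private/documentation addresses); return (alarms, tracker)."""
    a, b = "10.0.0.5", "198.51.100.7"
    events = [(0.0, "out", a, 40000, b, 80, SYN), (0.1, "in", b, 80, a, 40000, SYN | ACK),
              (0.2, "out", a, 40000, b, 80, ACK)]            # completed handshake
    events += [(1.0 + i / 10, "out", "10.0.0.21", 50001 + i, "203.0.113.10", 80, SYN)
               for i in range(3)]                            # SYNs that are never answered
    events += [(2.0, "in", "192.0.2.50", 443, "10.0.0.7", 51000, SYN | ACK),  # no SYN sent
               (5.0, "out", a, 40001, b, 80, SYN)]           # later traffic triggers expiry
    tracker = EdgeSynTracker()
    return [alarm for e in events for alarm in tracker.observe(*e)], tracker
```

The completed handshake leaves no table entry and raises nothing, while the three unanswered SYNs and the SYN/ACK with no matching SYN each produce an alarm.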