A hybrid model against TCP SYN and reflection DDoS attacks

Udaya Kiran Tupakula, Vijay Varadharajan

Research output: Contribution to journalArticlepeer-review

2 Citations (Scopus)


Distributed Denial of service (DDoS) attacks are one of the complex problems in the current Internet. TCP SYN and Reflection DDoS attacks have some distinct features which make them more difficult to deal with compared to the direct flooding DDoS attacks. In this paper, we analyze the TCP SYN and Reflection DDoS attacks and propose a hybrid model which comprises an enhanced automated model integrated with selected existing techniques to counteracting the above mentioned DDoS attacks efficiently. The hybrid model is invoked only during the attack times. In addition to dealing with the direct flooding aspect of TCP SYN and Reflection DDoS attacks, our model also drops the packets that are root cause for these attacks. Our model enables the victim to differentiate between the traffic that is originating from benign and malicious networks. Hence the victim can provide better services to the networks from which good traffic is originating and completely eliminate or provide limited service to the networks from which attack traffic is originating. The novelty of hybrid model lies in making efficient usage of the advantages present in different proposed techniques and minimizing their disadvantages, thereby making it more practical for the model to be deployed in the Internet. We describe a prototype implementation of the hybrid model with HP OpenView Network Node Manager (NNM) and analyse the results. The results indicate the potential usefulness of the proposed model in counteracting DDoS attacks in practice.

Original languageEnglish
Pages (from-to)153-166
Number of pages14
JournalComputer Systems Science and Engineering
Issue number3
Publication statusPublished - May 2008


Dive into the research topics of 'A hybrid model against TCP SYN and reflection DDoS attacks'. Together they form a unique fingerprint.

Cite this