
Multifractal detrended fluctuation analysis based detection for SYN flooding attack

Research Authors
Dalia Nashat and Fatma A. Hussain
Research Journal
Computers & Security
Research Publisher
Elsevier
Research Year
2021
Research Abstract

The TCP SYN flooding (half-open connection) attack is a type of DDoS attack that denies
service by consuming server resources. This attack prevents legitimate users
from using their desired service. The SYN flooding attack exploits the normal TCP three-way
handshake by sending a stream of SYN packets to the server with spoofed IP addresses.
Detecting this attack is hard since the internet routing infrastructure cannot differentiate
between legitimate and spoofed SYN packets. In this paper we present a new detection
method for the SYN flooding attack based on Multifractal Detrended Fluctuation Analysis
(MFDFA) in addition to an adaptive threshold; thus we can detect the abnormal behavior in
the TCP protocol time series.