Cached Guaranteed-Timer Random Drop against TCP SYN-Flood Attacks and Flash Crowds

H. Fujinoki (USA)


Network security, denialofservice, and flash crowd


This paper presents a new method for improving web server performance and fairness in the face of SYN flooding and flash crowds. The method proposes use of cache to avoid preemption of legitimate SYN messages from the TCP backlog queue in Random Drop (RD) method. A new algorithm, the Cached Guaranteed Timer Random Drop (Cached GT-RD), was designed to maximize the effect of the cache during flash crowds. Performance of the Cached GT-RD was evaluated and compared to an existing solution, the Probabilistic Pre filtering Random Drop (PP-RD), using the simulation method. The experiments demonstrated that Cached GT RD improved the connection rate and throughput by 67.4 and 73.2% from PP-RD. Cached GT-RD also improved the fairness for slow-connection clients, who most suffer from SYN-flooding attacks and flash crowds. For small TCP backlog queue, the successful connection rate of slow-connection clients became four times better than PP RD. The proposed solution does not require any modification in either hardware or software for existing data transmissions using TCP/IP. The results of simulation experiments suggest that use of cache will be an efficient and practical solution for both SYN-flooding attacks and flash crowds and Cached GT-RD will be effective in improving fairness in connections.

Important Links:

Go Back