Self-managing defense against SYN-flooding attacks

SYN-flooding attack uses the weakness available in TCP’s three-way handshake process to keep it from handling legitimate requests. This attack causes the victim host to populate its backlog queue with forged TCP connections. In other words it increases PSA (probability of success of attack) and decreases BUE (buffer utilization efficiency) in the victim host and results to decreased performance of the host. This paper proposes a self-managing approach, in which the host defends against SYNflooding attack by dynamically tuning off its own two parameters, that is, m (maximum number of halfopen connections) and h (hold time for each half-open connection). In this way, it formulates the defense problem, an optimization problem and then employs the particle swarm optimization (PSO) algorithm to solve it. The simulation results show that the proposed defense strategy improves performance of the under attack system in terms of BUE and PSA.