Patent · US Expired

Statistical methods for detecting TCP SYN flood attacks

US7114182B2 · kind B2 · utility

Cited by: 5
References: 4
Claims: 16
Family size: 0

Assignee

Inventors

Key dates

Filing date: May 31, 2002
Grant date: Sep 26, 2006
Priority date
Expiry date: Aug 18, 2024

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1458
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Methods of detecting TCP SYN flooding attacks at a router located between a LAN and a network such as the Internet are described. The methods rely on a counting arrangement in which SYN and FIN packets are counted on both the LAN side and the network or Internet side of the router during a time interval. Weighting factors are applied to each count, the factor for the LAN side count having the opposite polarity to the factor for the network side count. The absolute values of the sums of the weighting factors of like polarity are equal. An abnormal number of unsuccessful connection attempts is determined based on a parameter calculated using the weighting factors in conjunction with the respective counts.
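The weighted-count parameter described in the abstract, as an added Python example that is not taken from the patent or its assignee. The weight values, the alarm threshold, the count names and the sample intervals are assumptions; the abstract states only the opposite-polarity and equal-magnitude constraints, which `check_weights` enforces.

```python
from dataclasses import dataclass

# Assumed weights (not from the patent text): network-side counts positive,
# LAN-side counts negative, so the two sides have opposite polarity.
WEIGHTS = {"syn_net": 1.0, "fin_net": 1.0, "syn_lan": -1.0, "fin_lan": -1.0}
THRESHOLD = 500.0  # assumed alarm level for |parameter| in one interval


@dataclass(frozen=True)
class IntervalCounts:
    """SYN- and FIN-flagged segments counted on each router side in one interval."""
    syn_lan: int
    fin_lan: int
    syn_net: int
    fin_net: int


def check_weights(weights):
    """Enforce the two weight constraints stated in the abstract."""
    lan = [w for k, w in weights.items() if k.endswith("_lan")]
    net = [w for k, w in weights.items() if k.endswith("_net")]
    if not lan or not net or any(w == 0 for w in lan + net):
        raise ValueError("every count needs a non-zero weight")
    lan_positive = lan[0] > 0
    if any((w > 0) != lan_positive for w in lan) or \
       any((w > 0) == lan_positive for w in net):
        raise ValueError("LAN and network weights must have opposite polarity")
    pos = sum(w for w in lan + net if w > 0)
    neg = sum(w for w in lan + net if w < 0)
    if abs(pos + neg) > 1e-9:
        raise ValueError("like-polarity weight sums must be equal in magnitude")


def parameter(counts, weights=WEIGHTS):
    """Weighted sum of the four counts; zero when all four counts are equal."""
    check_weights(weights)
    return sum(w * getattr(counts, name) for name, w in weights.items())


def is_abnormal(counts, weights=WEIGHTS, threshold=THRESHOLD):
    """Flag the interval when the parameter strays beyond the assumed threshold."""
    return abs(parameter(counts, weights)) > threshold


# Constructed sample intervals (not measured traffic).
NORMAL = IntervalCounts(syn_lan=410, fin_lan=395, syn_net=405, fin_net=402)
FLOOD = IntervalCounts(syn_lan=430, fin_lan=380, syn_net=9200, fin_net=390)
```

Because the weights sum to zero, an interval in which all four counts are equal yields a parameter of zero at any traffic volume, so a threshold on the parameter responds to imbalance between the two sides rather than to load.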

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.