Home   >   CSC-OpenAccess Library   >    Manuscript Information
Anomaly Detection of IP Header Threats
S. H. C. Haris, Ghossoon Mohammed Waleed Al-Saadoon, Asso. Prof. Dr. R. B. Ahmad, M. A. H. A. Ghani
Pages - 497 - 504     |    Revised - 31-01-2011     |    Published - 08-02-2011
Volume - 4   Issue - 6    |    Publication Date - January / February  Table of Contents
TCP SYN Flood, rate-based detection, three-way handshake, IP Header, TCP Header
Threats have become a big problem since the past few years since computer viruses are widely recognized as a significant computer threat. However, the role of Information Technology security must be revisit again since it is too often, IT security managers find themselves in the hopeless situation of trying to uphold a maximum of security as requested from management. While at the same time they are considered an obstacle in the way of developing and introducing new applications into business and government network environments. This paper will focus on Transmission Control Protocol Synchronize Flooding attack detections using the Internet Protocol header as a platform to detect threats, especially in the IP protocol and TCP protocol, and check packets using anomaly detection system which has many advantages, and applied it under the open source Linux. The problem is to detect TCP SYN Flood attack through internet security. This paper also focusing on detecting threats in the local network by monitoring all the packets that goes through the networks. The results show that the proposed detection method can detect TCP SYN Flooding in both normal and attacked network and alert the user about the attack after sending the report to the administrator. As conclusion, TCP SYN Flood and other attacks can be detected through this traffic monitoring tools if the abnormal behaviors of the packets are recognized such as incomplete TCP three-way handshake application and IP header length.
CITED BY (6)  
1 Caselli, M., Zambon, E., & Kargl, F. (2015, April). Sequence-aware Intrusion Detection in Industrial Control Systems. In Proceedings of the 1st ACM Workshop on Cyber-Physical System Security (pp. 13-24). ACM.
2 Houngbo, P. J. (2015). Network Security: Experiment of Network Health Analysis At An ISP. International Journal of Computer Science and Security (IJCSS), 9(1), 1.
3 Bayeva, Z. Detection and Containment the Attack that Leads to a Denial of Service Attack.
4 Seo, D., Lee, H., & Perrig, A. (2013). APFS: adaptive probabilistic filter scheduling against distributed denial-of-service attacks. Computers & Security, 39, 366-385.
5 Ahangari, S., Modiri, N., & Zadeh, A. K. (2012). A New Hybrid Model Security Management in Wireless Networks. International Proceedings of Computer Science and Information Technology, 57, 30.
6 Bhatnagar, R., & Shankar, U. (2012). The proposal of hybrid intrusion detection for defence of sync flood attack in wireless sensor network. International Journal of Computer Science & Engineering Survey, 3(2), 31-38.
1 Google Scholar 
2 Academic Journals Database 
3 CiteSeerX 
4 refSeek 
5 iSEEK 
6 Socol@r  
7 ResearchGATE 
8 Libsearch 
9 Bielefeld Academic Search Engine (BASE) 
10 Scribd 
11 WorldCat 
12 SlideShare 
13 PdfSR 
1. ”Using SYN Flood Protection in SonicOS Enhanced”,[online] available at: http://www.sonicwall.com/us/support/2134_3480.html
10. Franciszek, Seredynski & Pascal Bouvry “Anomaly detection in TCP/IP networks using immune systems paradigm”, ELSEVER , Computer Communications 30 (2007) 740–749, _ 2006 Elsevier B.V. All rights reserved.
11. Matthew V. Mahoney and Philip K. Chan, “PHAD: Packet Header Anomaly Detection for Identifying Hostile Network Traffic”, Florida Institute of Technology Technical Report CS-2001-04
12. Signature Detection”, [online] available at: http://www.javvin.com/networksecurity/SignatureDetection.html
13. M. Bykova, S. Ostermann, “Statistical Analysis of Malformed Packets and Their Origins in the Modern Internet”, 2nd Internet Measurent Workshop (IMW 2002), Nov. 2002.
2. Roesch, Martin, "Snort - Lightweight Intrusion Detection for Networks", Proc. USENIX Lisa '99, Seattle: Nov. 7-12, 1999.
3. Paxson, Vern, "Bro: A System for Detecting Network Intruders in Real-Time", Lawrence Berkeley National Laboratory Proceedings, 7’Th USENIX Security Symposium, Jan. 26-29, 1998, San Antonio TX.
4. Mahoney, M, “Network Traffic Anomaly Detection Based on Packet”, ACM (2003).
5. H. Wang, D. Zhang, K. G. Shin, “Detecting SYN Flooding Attacks “, Proc. INFOCOM IEEE Communications Society, (2002).
6. R. Rao, K., Sumeet, S., & V. George, “On Scalable Attack Detection in the Network”, Networking, IEEE/ACM Transactions on, 15(1):14-25.
7. Beaumont-Gay, M, “A Comparison of SYN Flood Detection Algorithms”, Internet Monitoring and Protection, 2007. ICIMP 2007.
8. V.A. Siris, F.Papagalou. “Application of anomaly detection algorithms for detecting SYN flooding attacks”, Proc. of Globecom, IEEE Communications Society, 2004.
9. “Signature Detection”, [online] available at: http://www.javvin.com/networksecurity/SignatureDetection.html
Miss S. H. C. Haris
University Malaysia Perlis (UniMAP) - Malaysia
Dr. Ghossoon Mohammed Waleed Al-Saadoon
Applied Science University (ASU) - Bahrain
Associate Professor Asso. Prof. Dr. R. B. Ahmad
- Malaysia
Mr. M. A. H. A. Ghani
University Malaysia Perlis (UniMAP), - Malaysia

View all special issues >>