Implementation of High Performance TCP Proxy Logic against TCP Flooding Attack on Network Interface Card

Vol. 21, No. 2, pp. 119-130, Apr. 2011
DOI: 10.13089/JKIISC.2011.21.2.119
Keywords: DDoS attack, NIC_Cookie, TCP Proxy
Abstract

TCP-related flooding attacks still dominate distributed denial-of-service (DDoS) attacks. Accurately detecting TCP flood attacks in high-speed networks is a great challenge. In this paper, we propose an implementation of the NIC_Cookie logic, a kind of security offload engine against TCP-related DDoS attacks, on a network interface card. NIC_Cookie is itself robust against DDoS attacks and is independent of the server OS and the external network configuration. It supports a packet-level response rather than an IP-based response method, so it can handle attacks from a NAT-based user group. We evaluate the latency of the NIC_Cookie logic to be $7 \times 10^{-6}$ seconds, and we show 2 Gbps wire-speed performance through a benchmark test.

Cite this article
[IEEE Style]
B. Kim, I. Kim, D. Kim, J. Oh, J. Jang, T. Chung, "Implementation of High Performance TCP Proxy Logic against TCP Flooding Attack on Network Interface Card," Journal of The Korea Institute of Information Security and Cryptology, vol. 21, no. 2, pp. 119-130, 2011. DOI: 10.13089/JKIISC.2011.21.2.119.

[ACM Style]
Byoung-Koo Kim, Ik-Kyun Kim, Dae-Won Kim, Jin-Tae Oh, Jong-Soo Jang, and Tai-Myoung Chung. 2011. Implementation of High Performance TCP Proxy Logic against TCP Flooding Attack on Network Interface Card. Journal of The Korea Institute of Information Security and Cryptology, 21, 2, (2011), 119-130. DOI: 10.13089/JKIISC.2011.21.2.119.