In one implementation, a system for the prevention of malicious attack on a computing resource includes one or more processors; computer memory storing instructions that, when executed by the one or more processors, cause the one or more processors to perform operations including: observing traffic flow of a network; altering a SYN threshold value based on the observing of the traffic flow of the network; comparing a metric of SYN messages submitted to the network; and based on the comparison of the metric of SYN messages submitted, selectively engaging corrective action with the network.

USF inventors have developed a mechanism in which they first examine the impact of SYN saturation against the data-to-control layer and then follow a novel approach based on the additive-increase/multiplicative-decrease (AIMD) algorithm to dynamically calculate and update the threat detection threshold in real time to capture malicious SYN flooding traffic. As dynamic SYN flooding is a security threat in SDN environments, the inventors have developed SYNGuard, a lightweight kernel-space security framework to identify and mitigate SYN flood DoS attacks. The SYNGuard solution is implemented through open source SDN controller software and tested over a real-world heterogeneous and federated testbed. The experimental findings have demonstrated SYNGuard's efficiency and that it offers a scalable security mechanism for SDN-enabled environments against SYN flooding threats.
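The following sketch is an added example, not SYNGuard's code: it shows one way an AIMD rule can adapt a SYN detection threshold per observation window. The mapping (additive increase after a benign window, multiplicative decrease after an alarm), the class and function names, the parameter values and the sample counts are all assumptions made for illustration.

```python
class AimdSynThreshold:
    """Hypothetical AIMD-adapted SYN threshold (SYN messages per window)."""

    def __init__(self, threshold=100.0, alpha=10.0, beta=0.5,
                 floor=50.0, ceiling=1000.0):
        self.threshold = threshold  # current detection threshold
        self.alpha = alpha          # additive step after a benign window
        self.beta = beta            # multiplicative factor after an alarm
        self.floor = floor          # keeps the threshold above baseline load
        self.ceiling = ceiling      # caps tolerance so slow ramps still trip

    def observe(self, syn_count):
        """Compare one window's SYN count, then adapt the threshold.

        Returns True when corrective action should be engaged.
        """
        alarm = syn_count > self.threshold
        if alarm:
            # Suspected flood: tighten quickly so follow-up bursts are caught.
            self.threshold = max(self.floor, self.threshold * self.beta)
        else:
            # Benign window: relax slowly to follow legitimate growth.
            self.threshold = min(self.ceiling, self.threshold + self.alpha)
        return alarm


def run(windows):
    """Return (syn_count, threshold_used, alarm) for each window."""
    detector = AimdSynThreshold()
    trace = []
    for count in windows:
        used = detector.threshold
        trace.append((count, used, detector.observe(count)))
    return trace


# Constructed per-window SYN counts: normal load, a flood, then recovery.
SAMPLE = [40, 60, 80, 500, 450, 90, 30, 30]

if __name__ == "__main__":
    for count, used, alarm in run(SAMPLE):
        action = "ENGAGE" if alarm else "ok"
        print(f"syn={count:4d} threshold={used:6.1f} {action}")
```

The floor matters: without it, repeated halving during a long flood would leave the threshold below normal load, and legitimate traffic would keep triggering corrective action after the attack ends.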