Cached Guaranteed-Timer Random Drop (Cached GT-RD) for Protecting Web Servers from TCP SYN-Flood Attacks and Flash Crowds

This paper proposes a new method and algorithm to efficiently protect web servers against SYN-flooding denial-of-service attacks and flash crowds. The method proposes use of cache to avoid preemption of legitimate SYN messages from the TCP backlog queue in Random Drop (RD) method during SYN-flooding attacks. A new algorithm, the Cached Guaranteed Timer Random Drop (Cached GT-RD), was designed to maximize the effect of the cache during flash crowds. Performance of the Cached GT-RD was evaluated and compared to an existing solution, the Probabilistic Pre-filtering Random Drop (PPRD), using the simulation method. The experiments demonstrated that Cached GT-RD improved the connection rate and throughput by 67.4 and 73.2% from PP-RD. Cached GT-RD also improved the fairness for slowconnection clients, who most suffer from SYN-flooding attacks and flash crowds. For small TCP backlog queue, the successful connection rate of slow-connection clients became four times better than PP-RD. The proposed solution does not require any modification in either hardware or software for existing data transmissions using TCP/IP. The results of simulation experiments suggest that use of cache will be an efficient and practical solution for both SYN-flooding attacks and flash crowds and Cached GT-RD will be effective in improving fairness in connections.