Kriativ-tech Volume 1, Issue 9, April 2018, Pages: xxx Received: Dec. 28, 2019; Accepted: Feb. 25, 2020. Published: Oct. 11, 2021.


Pedro Ramos Brandao, Coordinator Professor at Instituto Superior de Tecnologias AvançadasJeremias Tavares, Master Degree Student at Instituto Superior de Tecnologias Avançadas



To cite this article

Pedro Ramos Brandao, Jeremias Tavares, Detection and Prevention of TCP SYN Flood DoS Attacks: Concepts DOI: 10.31112/kriativ-tech-2021-10-57


Internet security is a topic of high importance, and in recent years it has gained greater popularity with the growing wave of DoS attacks perpetuated through TCP SYN Flood. This kind of attack has several types of motivation: political, unfair competition, human evil. It is intended to deepen the concepts related to this type of attack architecture and which vulnerabilities are exploited that possibly facilitate the success of the SYN Flood. The central attack prevention systems, IDS and IPS, are presented conceptually. A simulation of the attack in a virtually recreated environment is depicted as proof of concept and execution. In contrast, there is evidence of the greater demand and growing sophistication of the means of detection and prevention using modern technologies.


Cybersecurity, IDS, IPS, SYN Flood, DoS


[1] A. Verma, R. Saha, G. Kumar, and T. Kim, "The Security Perspectives of Vehicular Networks: A Taxonomical Analysis of Attacks and Solutions", Appl. Sci., vol. 11, no. 10, 2021, doi: 10.3390/app11104682.[2] A. E. Ibor, F. A. Oladeji, O. B. Okunoye, and O. O. Ekabua, "Conceptualisation of Cyberattack prediction with deep learning", Cybersecurity, vol. 3, no. 1, 2020, doi: 10.1186/s42400-020-00053-7.[3] Y. Shen, E. Mariconti, P. A. Vervier, and G. Stringhini, "Tiresias: Predicting Security Events Through Deep Learning", in Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018, pp. 592–605, doi: 10.1145/3243734.3243811.[4] K. K. Nguyen, D. T. Hoang, D. Niyato, P. Wang, D. Nguyen, E. Dutkiewicz, "Cyberattack detection in mobile cloud computing: A deep learning approach", 2018 IEEE Wireless Communications and Networking Conference (WCNC), Barcelona, pp. 1-6 2018,[5] Q. Zhang, K. Liu, Y. Xia, & A. Ma, "Optimal Stealthy Deception Attack Against Cyber-Physical Systems", IEEE transactions on cybernetics, 50(9), 2019, 3963–3972.[6] M. Al-Qatf, Y. Lasheng, M. Al-Habib, K. Al-Sabahi, "Deep learning approach combining sparse autoencoder with SVM for network intrusion detection", IEEE Access 6, pp. 843–856, 2018.[7] B. Bouyeddou, B. Kadri, F. Harrou, Y. Sun, "DDOS-attacks detection using an efficient measurement-based statistical mechanism", Eng. Sci. Technol. an Int. J., vol. 23, no. 4, pp. 870–878, 2020, doi: 10.1016/j.jestch.2020.05.002.[8] S. Shin, V. Yegneswaran, P. Porras, G. Gu, "AVANT-GUARD: Scalable and Vigilant Switch Flow Management in Software-Defined Networks", in Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, 2013, pp. 413–424, doi: 10.1145/2508859.2516684.[9] M. Junaid et al., "An Indigenous Solution for SYN Flooding", Rev. GEINTEC-GESTAO Inov. E Tecnol., vol. 11, no. 4, pp. 2998–3022, 2021[10] M. Rahouti, K. Xiong, N. Ghani, F. Shaikh, "SYNGuard: Dynamic threshold-based SYN flood attack detection and mitigation in software-defined networks", IET Networks, vol. 10, no. 2, pp. 76–87, 2021, doi:[11] N. McKeown et al., "OpenFlow: Enabling innovation in campus networks", Comput. Commun. Rev., vol. 38, pp. 69-74, 2008, doi: 10.1145/1355734.1355746.[12] E. Grimit, T. Gneiting, V. Berrocal, N.A. Johnson, "The continuously ranked probability score for circular variables and its application to mesoscale forecast ensemble verification", Quart. J. R. Meteorol. Soc. 132 (621C) 2006,[13] J. Matheson, R. Winkler, "Scoring rules for continuous probability distributions", Manage. Sci. 22 (10) 1087–1096, 1976,[14] S. Fichera, L. Galluccio, S. Grancagnolo, G. Morabito, S. Palazzo, "Operetta: An OpenFlow-based remedy to mitigate TCP synflood attacks against web servers", Computer Networks, 92:89–100, 2015.[15] R. Mohammadi, R. Javidan, M. Conti. "Slicots: An sdn-based lightweight countermeasure for TCP syn flooding attacks", IEEE Transactions on Network and Service Management, 2017.[16] B. A. Khalaf et al., "A simulation study of syn flood attack in a cloud computing environment," AUS J., vol. 26, no. 1, pp. 188–197, 2019.