A nonparametric adaptive CUSUM method and its application in source-end defense against SYN flooding attacks

Combating DDoS attacks at their sources is still in its infancy. In this paper, a nonparametric adaptive CUSUM (cumulative sum) method is presented, which is proven efficient in detecting SYN flooding attacks close to their sources. Different from other CUSUM methods, this new method has two distinct features: ➀ its detection threshold can adapt itself to various traffic conditions and ➁ it can timely detect the end of an attack within a required delay. Trace-driven simulations are conducted to validate the efficacy of this method in detecting SYN flooding attacks, and the results show that the nonparametric adaptive CUSUM method excels in detecting low-rate attacks.