Over the past several decades, the Internet usage is becoming more and more prevalent. But many network attacks are created following this trend. In 2015, the total amounts of user of Internet reach 3.3 billion. Hence once the attack like Distributed Denial of Service (DDoS) attack occurs, they will make tremendous financial losses and credential damage.
Network attacks nowadays are followed by the IP spoofing technique. IP spoofing is a technique to masquerade source address of the attacker. It causes security software or hardware difficult to trace attack path and then the security device cannot make correct response.
In this thesis, we propose a mechanism, called Spoofed SYN Packet Detector (SPD), to detect and defense IP spoofing for SYN packet. According to TCP protocol, before two machines want to exchange data packets, they must complete three way handshaking first. Besides, SPD can confirm the validity of the source IP address of the SYN packet in the beginning of the three-way handshaking. Therefore SPD can deny the following connection before the two machine start to exchange illegal data packets.
Experimental results show that under the attack of DDoS attack like TCP SYN flooding attack, SPD can defense it effectively and make the network service operate normally as if there is no attack.
 Internet World Status. Available: http://www.internetworldstats.com/stats.htm
 IP Spoofing Attack: Types and Defensive Measures. Available: https://www.cheapsslshop.com/blog/ip-spoofing-attack-types-and-defensive-measures
 IP Spoofing: An introduction. Available: http://www.symantec.com/connect/articles/ip-spoofing-introduction
 Wikipedia. Idle scan. Available: https://en.wikipedia.org/wiki/Idle_scan
 F.Soldo, A. Markopoulou, K. Argyraki, “Optimal Filtering of Source Address Prefixes: Models and Algorithm,” IEEE INFOCOM, pp.2446-2454, 2009.
 Manusankar. C., Karthik. S., Rajendran. T., “Intrusion Detection System with Packet Filtering for IP spoofing,” International Conference on Communication and Computational Intelligence (INCOCCI), 2010.
 Yuan Tao, Shui Yu, “DDoS Attack Detection at Local Area Networks Using Information Theoretical Metrics,” IEEE International Conference on Trust, Security, and Privacy in Computing and Communications, pp.233-240, 2013.
 Ayman Mukaddam, Imad Elhajj, Ayman Kayssi, Ali Chehab, “IP Spoofing Detection Using Modified Hop Count,” IEEE International Conference on Advanced Information Networking and Applications, pp. 512-516, 2014.
 TCP State Diagram. Available: http://www.dianliwenmi.compostimg_5340231_3.html
 RFC6298. Available: https://tools.ietf.org/html/rfc6298
 吳宏毅, 許富皓, “ 一精確度可至單一主機單一port之IP spoofing 偵測法,” 2007
 Dalia Nashat, Xiaohong Jiang, Susumu Horiguchi, “Detecting SYN Flooding Agents under Any Type of IP Spoofing,” IEEE International Conference on e-Business Engineering, 2008.
 Linux Networking Kernel. Available: http://www.ecsl.cs.sunysb.edu/elibrary/linux/network/LinuxKernel.pdf