The TCP SYN flooding (half-open connection) attack is a type of DDoS attack, which denies the services by consuming the server resources. This attack prevents legitimate users from using their desired service. The SYN flooding attack exploits the normal TCP three-way handshake by sending stream of SYN packets to the server with spoofed IP addresses. The detection of this attack is hard since the internet routing infrastructure cannot differentiate between legitimate and spoofed SYN packets. In this paper we present a new detection method for the SYN flooding attack based on Multifractal Detrended Fluctuation Analysis (MFDFA) in addition to an adaptive threshold, thus we can detect the abnormal behavior in the TCP protocol time series.

TCP SYN泛洪（半开放连接）攻击是一种DDoS攻击，它通过消耗服务器资源来拒绝服务。此攻击可阻止合法用户使用其所需的服务。SYN泛洪攻击通过将SYN数据包流发送到具有伪造IP地址的服务器来利用正常的TCP三向握手。由于Internet路由基础结构无法区分合法和欺骗性SYN数据包，因此很难检测到此攻击。本文提出了一种新的基于多重分形趋势波动分析（MFDFA）的SYN泛洪攻击检测方法，以及自适应阈值，从而可以检测TCP协议时间序列中的异常行为。