SYN Flooding Attack Detection Using EWMA on Time Sampling

Main Article Content

Nichagon Teabtong
Nithi Thanon
Pennee Wangmaeteekul


This article presents a detection of SYN Flooding Attack (Denial-of-Service) using the Exponentially Weighted Moving Average (EWMA) method and examines three factors that affect detecting efficiency: 1) Sample packets at different time intervals 2) Attacking Rate (low attack rate and high attack rate) 3) No user and users request information to the Web Server while being attacked. The efficiency has been evaluated via Accuracy formular, False Positive Rate, and False Negative Rate through the simulated datasets. The results show that the proposed algorithm is able to detect both low and high attack rates. Moreover, the experiment results confirm that all three factors cause for the detection performance. The algorithm performs well under the circumstance which there is no user requested information to the Web Server while the attacking rates are low or high with medium or large divided packets size.

Article Details

How to Cite
Teabtong, N., Thanon, N., & Wangmaeteekul, P. (2023). SYN Flooding Attack Detection Using EWMA on Time Sampling. Journal of Science Ladkrabang, 32(1), 1–18. Retrieved from
Research article


Yoachimik, O. and Ganti, V. 2022. DDoS Attack Trends for Q4 2021. Available at: Retrieved 15 January 2022.

Ramkumar, B.N. and Subbulakshmi, T. 2021. TCP SYN flood attack detection and prevention system using adaptive thresholding method. Proceeding ITM Web of Conferences 37, International Conference on Innovative Technology for Sustainable Development (ICITSD 2021), 1-8.

Ransewa, S., Elz, N., Thanon, N. and Intajag, S. 2018. Anomaly detection using Source Port Data with Shannon Entropy and EWMA Control Chart. Proceeding 18th International Conference on Control, Automation and Systems (ICCAS 2018), GangWon, Korea, 596-601.

Al-mansor, M.J. and Gan, K.B. 2018. Intrusion detection systems: principles and perspectives. Journal of Multidisciplinary Engineering Science Studies, 4(11), 2266-2270.

Bouyeddou, B., Harrou, F., Sun, Y. and Kadri, B. 2017. Detecting SYN flood attacks via statistical monitoring charts: A comparative study. Proceedings 5th International Conference on Electrical Engineering - Boumerdes (ICEE-B), Boumerdes, Algeria,1-5.

Montgomery, D.C. 2009. Introduction to Statistical Quality Control. 6th ed, John Wiley & Sons, New York.

Machaka, P., Bagula, A. and Nelwamondo, F. 2016. Using Exponentially Weighted Moving Average Algorithm to Defend Against DDoS Attacks. Proceedings Pattern Recognition Association of South Africa and Robotics and Mechatronics International Conference (PRASA-RobMech) Stellenbosch, South Africa, 1-6.

Nishanth, N. and Mujeeb, A. 2021. Application of Adaptive Threshold Algorithm with selected modified parameters for the Detection of flooding based Denial-of-Service (DoS) attack in Mobile Ad Hoc Network. Proceeding International conference on systems energy and environment, GCE Kannur, Kerala, India, 119-123.

ชัชฎาภา ดีวุ่น และเปรมพร เขมาวุฆฒ์. 2561. การศึกษาประสิทธิภาพของแผนภูมิควบคุม p, Ewma และ Isrt p ewma. วิศวกรรมสารเกษมบัณฑิต, 8(2), 180-193. [Chatchadapa Dewun and Premporn Khemavuk. 2018. A STUDY OF EFFICIENCY OF P, EWMA AND ISRT P EWMA CONTROL CHARTS. Kasem Bundit Engineering Journal, 8(2), 180-193. (in Thai)]

YERUSHALMY, J. 1947. Statistical Problems in Assessing Methods of Medical Diagnosis, with Special Reference to X-ray Techniques. Public health reports, 62(40), 1432-1449.

Liu, H. and Lang, B. 2019. Machine Learning and Deep Learning Methods for Intrusion Detection Systems: A Survey. Applied Sciences, 9(20), 1-28.