Computer Science ›› 2010, Vol. 37 ›› Issue (3): 117-120.

• Computer Networks and Information Security •

A SYN Flooding Attack Detection Method Based on an Active Probing Mechanism

李海伟,张大方,刘俊,杨晓波   

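  1. (School of Computer and Communication, Hunan University, Changsha 410082); (School of Software, Hunan University, Changsha 410082)
  • Publication date: 2018-12-01 Release date: 2018-12-01
  • Funding:
    This work was supported by National Natural Science Foundation of China (NSFC) projects (90718008, 60673155).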

Active Detecting Method against SYN Flooding Attacks

LI Hai-wei,ZHANG Da-fang,LIU Jun,YANG Xiao-bo   

  • Online:2018-12-01 Published:2018-12-01

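Abstract: SYN Flood does great harm to normal network operation, and the widely studied detection approach based on traffic self-similarity may fail against this kind of small-packet attack. By analyzing high-precision traffic samples captured with DAG cards, a SYN attack detection method based on an active probing mechanism is proposed. The method applies the packet-pair technique for measuring background traffic to anomalous traffic detection, and detects attacks from changes in the length of the background traffic inserted between the probe packets. Experiments show that the algorithm's detection rate for SYN attacks can reach 88%. This end-to-end detection method has advantages such as good flexibility and controllability.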

Keywords: SYN Flooding attack, self-similarity, anomaly detection, packet pair

Abstract: SYN Flood poses a great danger to normal network operation. Many studies detect the attack by analyzing the self-similarity of network traffic. However, that method may be ineffective against SYN Flood. By analyzing high-precision traces captured by DAG cards, we propose a new SYN Flood detection mechanism based on active detection. It applies the packet-pair technique to abnormal traffic detection, detecting SYN Flood according to the change in background flow length. Experimental results show that the method achieves an 88% SYN attack detection rate. The method is based on end-to-end technology, which gives it good flexibility and controllability.

Key words: SYN flooding attack, Self-similarity, Abnormal detection, Packet pair
