• 中国计算机学会会刊
  • 中国科技核心期刊
  • 中文核心期刊

J4 ›› 2011, Vol. 33 ›› Issue (4): 35-39.doi: 10.3969/j.issn.1007130X.2011.

• 论文 • 上一篇    下一篇

一个新的SYN Flood攻击防御模型的研究

曾小荟1,2,冷明1,刘冬生1,李平1,金士尧2,3   

  1. (1.井冈山大学计算机科学与技术系,江西 吉安 343009;2.苏州国华科技有限公司,江苏 苏州 215021;
    3.分布与并行处理国防科技重点实验室,湖南 长沙 410073)
  • 收稿日期:2010-04-30 修回日期:2010-08-03 出版日期:2011-04-25 发布日期:2011-04-25
  • 作者简介:曾小荟(1972),男,江西遂川人,博士,副教授,研究方向为计算机网络与信息安全,分布与并行计算。冷明(1975),男,江西吉安人,博士,副教授,研究方向为算法分析与设计,VLSI系统结构设计。刘冬生(1969),男,江西安福人,硕士,讲师,研究方向为计算机网络与通信。李平(1989),男,江西新余人,研究方向为计算机网络。
  • 基金资助:

    江苏省自然科学基金资助项目(BK2008554);江西省教育厅科技计划项目(GJJ10538)

Research on a New Intrusion Protection Model Against the SYN Flood Attacks

ZENG Xiaohui1,2,LENG Ming1,LIU Dongsheng1,LI Ping1,JIN Shiyao2,3   

  1. (1.Department of Computer Science and Technology,Jinggangshan University,Ji’an 343009;
    2.Suzhou GOPHA Technology Co., Ltd,Suzhou 215021;
    3.National Laboratory for Parallel and Distributed Processing,Changsha 410073,China)
  • Received:2010-04-30 Revised:2010-08-03 Online:2011-04-25 Published:2011-04-25

摘要:

针对现有的SYN Flood攻击防御方法的不足,本文提出了一个基于TCP连接三次握手的新的防御模型。当系统检测到SYN Flood攻击后,立即把那些占用系统资源的带有典型攻击特征的第一次握手请求永久抛弃,以保证新的正常请求能够被接受;而把其他带有疑似攻击特征的第一次握手请求暂时抛弃,尔后启动自适应学习模块来修正现有的入侵模式,最后再启动SYN Flood攻击检测模块来进一步精确判定。在此基础上设计实现了一套新的SYN Flood攻击防御系统。实验测试结果表明,本入侵防御系统能有效地帮助整个系统提高对抗SYN Flood攻击的能力。

关键词: SYN Flood攻击, 网络安全, 传输控制协议, 入侵防御

Abstract:

Aiming at the drawbacks of the current SYN flood attack prevention methods, a new intrusion prevention model against the SYN flood attacks is put forward based on the threeway handshake process. When the network system is suffering from the SYN flood attacks, the first handshake requests with the typical SYN flood attack feature will be immediately picked out and abandoned permanently; thereby the attacked system has adequate resources to deal with the new normal network requests. Other first handshake requests with the suspected SYN flood attack feature will be abandoned temporarily, and then adaptive learning module is started to revise the current intrusion patterns. In the end, the SYN Flood attack detection module will be restarted to get the further precise determination based on the updated intrusion patterns. An efficient intrusion prevention system against the SYN Flood attacks is designed and implemented, and the experimental results show that our intrusion prevention system can improve the whole system’s protection capability against the SYN flood attacks.

Key words: SYN flood attacks;network security;transmission control protocol;intrusion prevention