• Journal of the China Computer Federation
  • Chinese Science and Technology Core Journal
  • Chinese Core Journal
Article

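曾小荟 (Zeng Xiaohui) (1972), male, born in Suichuan, Jiangxi; PhD, associate professor; research interests: computer networks and information security, distributed and parallel computing. 冷明 (Leng Ming) (1975), male, born in Ji'an, Jiangxi; PhD, associate professor; research interests: algorithm analysis and design, VLSI system architecture design. 刘冬生 (Liu Dongsheng) (1969), male, born in Anfu, Jiangxi; master's degree, lecturer; research interests: computer networks and communications. 李平 (Li Ping) (1989), male, born in Xinyu, Jiangxi; research interest: computer networks.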

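Funding

Supported by the Natural Science Foundation of Jiangsu Province (BK2008554) and the Science and Technology Plan Project of the Jiangxi Provincial Department of Education (GJJ10538)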

Research on a New Intrusion Protection Model Against the SYN Flood Attacks

  • (1.Department of Computer Science and Technology,Jinggangshan University,Ji’an 343009;
    2.Suzhou GOPHA Technology Co., Ltd,Suzhou 215021;
    3.National Laboratory for Parallel and Distributed Processing,Changsha 410073,China)

Received date: 2010-04-30

  Revised date: 2010-08-03

  Online published: 2011-04-25

Cite this article

曾小荟1,2, 冷明1, 刘冬生1, 李平1, 金士尧2,3. Research on a New Intrusion Protection Model Against the SYN Flood Attacks[J]. 计算机工程与科学 (Computer Engineering and Science), 2011, 33(4): 35-39. DOI: 10.3969/j.issn.1007130X.2011.

Abstract

To address the drawbacks of current SYN flood attack prevention methods, a new intrusion prevention model against SYN flood attacks is put forward, based on the TCP three-way handshake process. When the network system detects that it is under a SYN flood attack, the first-handshake requests that occupy system resources and carry the typical SYN flood attack features are immediately picked out and discarded permanently, so that the attacked system has adequate resources to accept new normal network requests. Other first-handshake requests, which carry suspected SYN flood attack features, are discarded temporarily, and the adaptive learning module is then started to revise the current intrusion patterns. Finally, the SYN flood attack detection module is restarted to make a more precise determination based on the updated intrusion patterns. An efficient intrusion prevention system against SYN flood attacks is designed and implemented on this basis, and the experimental results show that our intrusion prevention system can improve the whole system's protection capability against SYN flood attacks.
