Abstract:

Aiming at the drawbacks of the current SYN flood attack prevention methods, a new intrusion prevention model against the SYN flood attacks is put forward based on the threeway handshake process. When the network system is suffering from the SYN flood attacks, the first handshake requests with the typical SYN flood attack feature will be immediately picked out and abandoned permanently; thereby the attacked system has adequate resources to deal with the new normal network requests. Other first handshake requests with the suspected SYN flood attack feature will be abandoned temporarily, and then adaptive learning module is started to revise the current intrusion patterns. In the end, the SYN Flood attack detection module will be restarted to get the further precise determination based on the updated intrusion patterns. An efficient intrusion prevention system against the SYN Flood attacks is designed and implemented, and the experimental results show that our intrusion prevention system can improve the whole system’s protection capability against the SYN flood attacks.

Key words: SYN flood attacks;network security;transmission control protocol;intrusion prevention