• Journal of the China Computer Federation
  • Chinese Science and Technology Core Journal
  • Chinese Core Journal
Article

Research on a New Intrusion Protection Model Against the SYN Flood Attacks

  • (1. Department of Computer Science and Technology, Jinggangshan University, Ji’an 343009;
    2. Suzhou GOPHA Technology Co., Ltd, Suzhou 215021;
    3. National Laboratory for Parallel and Distributed Processing, Changsha 410073, China)

Received date: 2010-04-30

  Revised date: 2010-08-03

  Online published: 2011-04-25

Abstract

To address the drawbacks of current SYN flood attack prevention methods, a new intrusion prevention model against SYN flood attacks is put forward, based on the three-way handshake process. When the network system is under a SYN flood attack, first-handshake requests that show the typical SYN flood attack feature are immediately picked out and discarded permanently, so that the attacked system has adequate resources to deal with new, normal network requests. Other first-handshake requests that show only a suspected SYN flood attack feature are discarded temporarily, and the adaptive learning module is then started to revise the current intrusion patterns. Finally, the SYN flood attack detection module is restarted to make a more precise determination based on the updated intrusion patterns. An efficient intrusion prevention system against SYN flood attacks is designed and implemented, and the experimental results show that this intrusion prevention system can improve the whole system’s protection capability against SYN flood attacks.

Cite this article

ZENG Xiaohui1,2,LENG Ming1,LIU Dongsheng1,LI Ping1,JIN Shiyao2,3 . Research on a New Intrusion Protection Model Against the SYN Flood Attacks[J]. Computer Engineering & Science, 2011 , 33(4) : 35 -39 . DOI: 10.3969/j.issn.1007130X.2011.

