针对现有的SYN Flood攻击防御方法的不足,本文提出了一个基于TCP连接三次握手的新的防御模型.当系统检测到SYN Flood攻击后,立即把那些占用系统资源的带有典型攻击特征的第一次握手请求永久抛弃,以保证新的正常请求能够被接受;而把其他带有疑似攻击特征的第一次握手请求暂时抛弃,尔后启动自适应学习模块来修正现有的入侵模式,最后再启动SYN Flood攻击检测模块来进一步精确判定.在此基础上设计实现了一套新的SYN Flood攻击防御系统.实验测试结果表明,本入侵防御系统能有效地帮助整个系统提高对抗SYN Flood攻击的能力.%Aiming at the drawbacks of the current SYN flood attack prevention methods, a new intrusion prevention model against the SYN flood attacks is put forward based on the three-way handshake process. When the network system is suffering from the SYN flood attacks, the first handshake requests with the typical SYN flood attack feature will be immediately picked out and abandoned permanently;thereby the attacked system has adequate resources to deal with the new normal network requests. Other first handshake requests with the suspected SYN flood attack feature will be abandoned temporarily,and then adaptive learning module is started to revise the current intrusion patterns. In the end, the SYN Flood attack detection module will be restarted to get the further precise determination based on the updated intrusion patterns. An efficient intrusion prevention system against the SYN Flood attacks is designed and implemented, and the experimental results show that our intrusion prevention system can improve the whole system's protection capability against the SYN flood attacks.
展开▼
