By capturing and analyzing packets in real time, the system continuously computes the ratio of SYN packets within TCP traffic, the UDP packet receive rate, and the ICMP packet receive rate. Using thresholds set from the system's normal operation, it detects three forms of DDoS attack: SYN flood, UDP flood, and ICMP flood. Once a threshold has been exceeded continuously for 3 seconds, the system automatically tallies the received packets, finds their sources, and uses an information entropy algorithm to determine whether the attack comes from randomly forged source IPs or from a single attack source.
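The detection flow summarized above, as an added example that is not the authors' code: per-second counters, a 3-second sustain check, then Shannon entropy over the source addresses. The threshold values, the minimum TCP count, the entropy cut-off, the choice to tally sources from the three over-threshold seconds, and all function names are assumptions, since the abstract gives none of them.

```python
import math
from collections import Counter

# Assumed limits: the page sets them from normal operation and gives no values.
LIMITS = {"syn": 0.5, "udp": 1000, "icmp": 500}  # SYN/TCP ratio, UDP pps, ICMP pps
MIN_TCP = 100   # assumed floor so a near-idle link cannot trip the SYN ratio
SUSTAIN = 3     # from the page: over threshold for 3 consecutive seconds
SPLIT = 0.5     # assumed cut on normalized source entropy

def per_second(packets):
    """packets: (src_ip, proto, is_syn) tuples from one second of capture."""
    src = {"syn": [s for s, p, f in packets if p == "tcp" and f],
           "udp": [s for s, p, _ in packets if p == "udp"],
           "icmp": [s for s, p, _ in packets if p == "icmp"]}
    tcp = sum(1 for _, p, _ in packets if p == "tcp")
    value = {"syn": len(src["syn"]) / tcp if tcp >= MIN_TCP else 0.0,
             "udp": len(src["udp"]), "icmp": len(src["icmp"])}
    return value, src

def source_entropy(sources):
    """Shannon entropy of the source addresses, scaled to 0..1."""
    counts, total = Counter(sources), len(sources)
    if len(counts) < 2:
        return 0.0
    h = -sum(c / total * math.log2(c / total) for c in counts.values())
    return h / math.log2(total)  # 1.0 means every packet had its own source

def detect(seconds):
    """seconds: one packet list per second -> [(second, flood, source_type)]."""
    streak = {k: 0 for k in LIMITS}
    seen = {k: [] for k in LIMITS}
    alerts = []
    for t, packets in enumerate(seconds):
        value, src = per_second(packets)
        for kind, limit in LIMITS.items():
            if value[kind] <= limit:
                streak[kind], seen[kind] = 0, []
                continue
            streak[kind] += 1
            seen[kind] += src[kind]
            if streak[kind] == SUSTAIN:
                spoofed = source_entropy(seen[kind]) > SPLIT
                alerts.append((t, kind, "random-spoofed" if spoofed else "single-source"))
    return alerts

# Constructed sample traffic (documentation and private addresses, not captures).
quiet = [("192.0.2.10", "udp", False)] * 20
one_host = [("198.51.100.7", "udp", False)] * 1500
many_hosts = [(f"10.{i // 256}.{i % 256}.1", "udp", False) for i in range(1500)]
```

Entropy is divided by log2 of the packet count rather than of the distinct-source count, so two or three heavy senders score near 0 instead of 1.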