摘要
SYN Flood攻击是最常见的分布式拒绝服务攻击方式之一,本文提出一种改进的SYN Cookie方法,通过设计新的Cookie验证算法并改变Cookie字段定义,在不降低安全性的同时,降低算法计算复杂度.实验结果表明,新方法可有效防御针对TCP协议的SYN Flood攻击,与传统算法相比,新算法效率提高约30%.
SYN Flood attack is one of the most common distributed denial of service attack way. This paper presents an improved SYN Cookie method. A new cookie verification algorithm is designed and the definiion of cookie field is changed ,so that algorithm complexity with the ensurance of security is reduced. The test results show that the new method can he an effective defense against the TCP SYN Flood attack. The proposed method provides an average computational complexity reduction of 30% compared with the traditional method.
出处
《中原工学院学报》
CAS
2009年第3期16-19,共4页
Journal of Zhongyuan University of Technology
基金
河南省科技攻关项目(092102310038)