摘要
SYN Flood给网络正常运行带来极大危害,而已有广泛研究的基于流量自相似性的检测方式对这种小包攻击可能会失效。通过对DAG卡捕获高精度流量样本进行分析,提出一种基于主动探测机制的SYN攻击检测方法。该方法将包对测量背景流量技术应用于异常流量检测中,用夹入背景流长度变化来检测攻击。实验表明,该算法对SYN攻击检测率可达88%。这种基于端到端的检测方法,具有良好的灵活性和可控制性等优点。
SYN Flood brings great danger to the normal network operation. Many research studies detect the attack by analyzing the self-similarity of network traffic. However, the method may be ineffective to SYN Flood. By analyzing the high-precision traces which are captured by DAG cards, we proposed a new SYN Flood detection mechanism based on the active detection. It brings the technology of packet-pair to abnormal traffic detection that detects SYN Flood, according to the background flow length change. The method has a 88% SYN attack detection rate from experimental results. This method is based on end-to-end technology which has better flexibility and controllability.
出处
《计算机科学》
CSCD
北大核心
2010年第3期117-120,共4页
Computer Science
基金
国家自然科学基金(NSFC)项目(90718008
60673155)资助