Abstract
Packets are captured and analyzed in real time to compute the proportion of SYN segments among TCP packets, the UDP packet receive rate, and the ICMP packet receive rate. Using thresholds set from the system's normal operation, three forms of DDoS attack are detected: SYNFlood, UDPFlood, and ICMPFlood. After a threshold has been exceeded for 3 consecutive seconds, the system automatically tallies the received packets and identifies their sources, and an information entropy algorithm determines whether the attack comes from randomly forged source IPs or from a single attack source.
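The detection flow described in the abstract, as an added example that is not code from the paper: per-second threshold checks, a 3-second sustain rule, then source-IP entropy to separate spoofed from single-source floods. The threshold values, the `(proto, src_ip, is_syn)` packet tuple, normalizing entropy by the log of the packet count, and analysing the three triggering seconds are all assumptions; the traffic is constructed.

```python
import math
from collections import Counter

# Assumed thresholds: the abstract gives no values; derive them from a normal-traffic baseline.
SYN_RATIO_MAX = 0.5    # SYN segments / all TCP segments in one second
UDP_PPS_MAX = 1000     # UDP packets received per second
ICMP_PPS_MAX = 200     # ICMP packets received per second
SUSTAIN_SECONDS = 3    # consecutive seconds over threshold (from the abstract)
ENTROPY_SPLIT = 0.5    # normalized entropy above this means many distinct sources
KINDS = {"SYNFlood": lambda p: p[0] == "tcp" and p[2],
         "UDPFlood": lambda p: p[0] == "udp",
         "ICMPFlood": lambda p: p[0] == "icmp"}

def over_threshold(sec):
    """Flood types whose metric exceeds its threshold in this one-second bucket."""
    n = Counter(p[0] for p in sec)
    syn = sum(1 for p in sec if KINDS["SYNFlood"](p))
    hits = set()
    if n["tcp"] and syn / n["tcp"] > SYN_RATIO_MAX:
        hits.add("SYNFlood")
    if n["udp"] > UDP_PPS_MAX:
        hits.add("UDPFlood")
    if n["icmp"] > ICMP_PPS_MAX:
        hits.add("ICMPFlood")
    return hits

def normalized_entropy(sources):
    """Shannon entropy of the source-IP distribution, scaled to [0, 1]."""
    counts, n = Counter(sources), len(sources)
    if len(counts) < 2:
        return 0.0           # one source (or no packets): no uncertainty
    h = -sum(c / n * math.log2(c / n) for c in counts.values())
    return h / math.log2(n)  # log2(n) is reached when every packet has a new source

def detect(seconds):
    """seconds: per-second lists of (proto, src_ip, is_syn). Returns alert tuples."""
    streak, alerts = Counter(), []
    for t, sec in enumerate(seconds):
        hits = over_threshold(sec)
        for kind, match in KINDS.items():
            streak[kind] = streak[kind] + 1 if kind in hits else 0
            if streak[kind] == SUSTAIN_SECONDS:   # fire once per sustained episode
                window = seconds[t - SUSTAIN_SECONDS + 1:t + 1]
                srcs = [p[1] for s in window for p in s if match(p)]
                h = normalized_entropy(srcs)
                origin = "random spoofed sources" if h > ENTROPY_SPLIT else "single source"
                alerts.append((t, kind, origin, round(h, 2)))
    return alerts

def demo():
    """Constructed traffic: baseline, 3 s spoofed SYN flood, baseline, 3 s single-source UDP flood."""
    normal = [("tcp", "192.0.2.10", i % 10 == 0) for i in range(100)]
    syn = [[("tcp", f"10.{t}.{i >> 8}.{i & 255}", True) for i in range(600)] + normal for t in range(3)]
    udp = [[("udp", "203.0.113.7", False)] * 1500 + normal for _ in range(3)]
    return detect([normal] + syn + [normal] + udp)
```

The SYN-ratio check is sensitive to seconds with very little TCP traffic, so a deployment would also require a minimum packet count before evaluating it.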
Source
Journal of Hebei Software Institute (《河北软件职业技术学院学报》)
2013, No. 3, pp. 54-57 (4 pages)