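Abstract
This paper introduces the principle of the SYN Flood attack and analyzes intrusion detection methods based on anomaly detection. Applying principles from information theory, it gathers probability statistics on the SYN packets arriving at each destination IP and destination port, computes their anomaly value, and compares it with a threshold, which effectively detects SYN Flood attacks. The AntiSYNFlood module is added to an intrusion detection system in the form of a preprocessor plugin; the detection flow, main data structures and program framework are given, and corresponding tests are carried out.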
The openness of the Internet offers great convenience for information sharing and exchange, but it also brings crucial challenges to network security. Security has become a key problem of the information age. SYN flood is a denial-of-service attack carried out by sending a large number of SYN packets. By computing the probabilities of received SYN packets and comparing them with a normal threshold, the system detects the SYN intrusion and writes it to the alert log file.
Source
Journal of University of Electronic Science and Technology of China (《电子科技大学学报》)
Indexed in: EI, CAS, CSCD, Peking University Core Journals
2003, Issue 6, pp. 701-705 (5 pages)