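Abstract
To counter the highly damaging SYN flooding attack, this paper proposes a dual-granularity detection system model deployed at the attack's source-end network and gives a concrete implementation method for the system. The system uses different detection mechanisms to monitor, respectively, the balance of TCP traffic leaving and entering the stub network and the balance between the numbers of SYN packets and SYN/ACK packets, quickly and accurately detecting attack flows sent outward from that network. The detection system performs the two detections (coarse- and fine-grained) in stages, minimizing overhead, and has considerable practical and reference value.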
This paper proposes a double-granularity (coarse and fine) detection model against SYN flooding attacks at source-end networks, and gives a method for building such an effective detection system. The core detection mechanism of the system is based on the balance between a stub network's outgoing and incoming TCP traffic and on the protocol behavior of TCP SYN-SYN/ACK pairs. By detecting attacks step by step in two layers, the detection system reduces its running cost without losing any detection accuracy.
Source
《计算机工程》
EI
CAS
CSCD
PKU Core (Peking University Core Journals)
2005, Issue 10, pp. 132-134 (3 pages)
Computer Engineering
Funding
General Armament Department Weapons and Equipment Pre-research Fund project