摘要
针对SYN flood防护算法中的SYN重传算法进行研究和改进,设计一种对客户访问体验影响尽可能小且能高效防护SYN flood攻击的算法。通过对SYN重传算法的缺点和用户行为进行分析,采取对源IP地址一次验证,特定时间内信任的方法,缩短用户再次访问等待时间,采取增加HTTP重定向应答报文的方法减少误转报文。实验结果表明,改进后的防护算法缩短了用户访问Web服务器的响应时间,减少了随机源IP SYN flood攻击时的误转报文情况。
Researching and improving SYN retransmission algorithm of flood SYN protection algorithm,an algorithm was designed to impact the access experience of customers as small as possible and efficiently prevent SYN flood attacks.Through analyzing the shortcomings of SYN retransmission algorithms and user behavior,the protection system verified the source IP address and then trusted this source IP at a certain time to shorten the waiting time for a user to access again,and response HTTP redirect packets were added to reduce misrouted packets.Experimental results show the improved algorithm shortens the response time when users accessing the Web server and reduces the number of misrouted packets forwarded when facing the random source IP SYN flood attack.
出处
《计算机工程与设计》
北大核心
2016年第12期3165-3170,共6页
Computer Engineering and Design
基金
国家自然科学基金青年科学基金项目(61403223)
中国劳动关系学院中央高校基本科研业务费专项基金项目(13YQ010)
