Research Of Intrusion Detection System And Implement Of Anti SYN Flood

Posted on: 2004-02-13
Degree: Master
Type: Thesis
Country: China
Candidate: J Cheng
GTID: 2168360095960404
Subject: Computer application technology

Abstract/Summary:
The openness of the Internet makes sharing and exchanging information very convenient, but it also brings serious challenges for network security. Security has become the key problem of the information age.

As an active measure of information assurance, an IDS (Intrusion Detection System) acts as an effective complement to traditional protection techniques. The dynamic security cycle of policy, protection, detection and response can greatly improve the assurance capability of information systems and reduce the extent of security threats. Network intrusion detection systems are becoming an important direction of development.

With the rapid growth of computer and network technology, however, network attack methods have also become more diverse and more sophisticated. This thesis is mainly concerned with IDS and SYN Flood. The first part analyzes the current state of network security, studies IDS technologies (anomaly-based and misuse-based), introduces the criteria and classification of IDS, and gives examples of representative systems with their merits and shortcomings.

The second part discusses and analyzes in depth the theory of the SYN Flood attack, memory allocation during the TCP three-way handshake, and different approaches to countering this attack, for example adopting SYN cookies and increasing the maximum TCP backlog. By computing the probabilities of received packets for each destination port and destination IP address and comparing them with a normal threshold, the system finds intrusion activity and writes it to an alert log file. Combining this with the Snort IDS, I implement anti-SYN-Flood protection based on the anomaly detection method as a preprocessor in Snort.
Keywords/Search Tags:IDS Intrusion Detection System, NIDS Network IDS, Snort, SYN Flood, TCP
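The threshold comparison described in the abstract can be sketched as follows. This is an added example, not code from the thesis or from Snort: the record format, the one-second window, the threshold values and the `min_packets` floor are all assumptions, and the traffic is constructed.

```python
from collections import Counter, defaultdict

SYN, ACK = 0x02, 0x10  # TCP flag bits

def is_initial_syn(flags):
    """True for a connection-opening segment: SYN set, ACK clear."""
    return bool(flags & SYN) and not (flags & ACK)

def detect(packets, window=1.0, min_packets=50, ip_thr=0.5, port_thr=0.5):
    """Per time window, estimate the probability that a received packet is an
    initial SYN for one destination IP and for one destination port on it,
    and alert when both exceed the (assumed) normal thresholds."""
    buckets = defaultdict(list)
    for ts, dst_ip, dst_port, flags in packets:
        buckets[int(ts // window)].append((dst_ip, dst_port, flags))
    alerts = []
    for idx in sorted(buckets):
        pkts = buckets[idx]
        total = len(pkts)
        if total < min_packets:  # too few packets for a meaningful estimate
            continue
        by_ip, by_port = Counter(), Counter()
        for dst_ip, dst_port, flags in pkts:
            if is_initial_syn(flags):
                by_ip[dst_ip] += 1
                by_port[(dst_ip, dst_port)] += 1
        if not by_port:
            continue
        (ip, port), n_port = by_port.most_common(1)[0]
        p_ip, p_port = by_ip[ip] / total, n_port / total
        if p_ip > ip_thr and p_port > port_thr:
            alerts.append({"window_start": idx * window, "dst_ip": ip,
                           "dst_port": port, "p_ip": round(p_ip, 3),
                           "p_port": round(p_port, 3), "packets": total})
    return alerts

def sample_traffic():
    """Constructed traffic: a normal second, a flooded second, a quiet second."""
    dst = "192.0.2.10"  # documentation address, not a real host
    pkts = [(i / 100, dst, 80, SYN if i % 12 == 0 else ACK) for i in range(60)]
    pkts += [(1 + i / 1000, dst, 80, SYN if i < 200 else ACK) for i in range(240)]
    pkts += [(2 + i / 100, dst, 80, SYN) for i in range(10)]
    return pkts

if __name__ == "__main__":
    for alert in detect(sample_traffic()):  # each dict is one alert-log entry
        print(alert)
```

The `min_packets` floor matters: without it, the quiet third window (ten packets, all SYNs) would exceed both thresholds and produce a false alert.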