Middle-agent Model In Defensing Against SYN Flood

With the widely use of network and highly increasing of information transferred between them, many institutions and departments are benefited from the network. At the same time data and information in computers which connetced in the Internet also have been broken or filched in a certain way, the security of dada and self-benefit have been threatened seriously, information security has gradually became an important issue. The expanding of scale of the network is companied with the increased attacking probability。By introducing the Intrusion Detection technique, it can be done timely to test the attacking event occurred in the network and cut off the connection of the attacker at the early stage of the attacking event. So the Intrusion Detection System (IDS) has been challegened by the non-stoped renew of the intrusion techinque.SYN Flood attack is one of the most popular Dos and DdoS attack ways. Attacker make use of the TCP Three time shaking protocal to fabricate a large amount of data pockets to sent to sever and request for establing new connecting. This result in that the sever waste a huge amout of resource to maintain a relatively big semi-connected list. In this way severy is too busy to deal with the connecting request of attacker to satisfy the regular request of the customer.Base on the characters of the SYN Flood attack, we design a proxy between the customers and the sever。Then the TCP Three time shaking protocal become one time shaking by this technology,now the proxy wait for the three time response instead of sever, therefore the sever never need to wait for response.We use the NN arithmetic based on abnormity character in proxy, by detect the data package, we transferred the data package which has deal withed to 134 character vectors. And then we realized the recovery of SYN Flood attack.To prove it can defend SYN Flood attack, we do experiment on our system model. The experimental result shows that this method can distinguish the SYN Flood attack from the normal network, with 73.0 discernment rate and wrong report rate of 3.72%.