| With the rapid development of computer network, Internet security problems have become increasingly serious. DoS attack, represented by SynFlood, is intensified and attract more and more people's attention.After summarizing existing DoS attacks and corresponding defensive methods, we make a conclusion that the defense against DoS attacks is focus on SynFlood attack, while now available intrusion tolerance approaches against SynFlood attack have a good many problems. So it is significant to study intrusion tolerance approach against SynFlood attack.Intrusion detection is a prerequisite for intrusion tolerance. This paper applies multidimensional binary search tree (KD tree) to DoS detection. Representing network data flows with vectors in multidimensional space, organizing data and establishing user profile with KD tree, based on which we implement an anomaly detection system. By experiment, this paper manifests the detection result of DoS attacks.Next, this paper analyzes the principle of SynFlood attack. We model the process of system packets receiving with queuing theory, which laids the theoretical foundation of intrusion tolerance approach against SynFlood. After analyzing the process of TCP three handshake, this paper presents a intrusion tolerance algorithm against SynFlood based on out-core storage(OCAT).Then we describe the algorithm with pseudo-code and analyze its time complexity.Finally, this paper gives the SynFlood attack tolerance effect of OCAT with different condition contrasting to SynCookie. The experimental results present that OCAT is highly effective on SynFlood attack tolerance. |
PDF Full Text Request