Research On DDoS Attack And Prevention Technology

Posted on: 2012-06-27
Degree: Master
Type: Thesis
Country: China
Candidate: L N Chang
Full Text: PDF
GTID: 2218330338464983
Subject: Computer application technology

Abstract/Summary:
With the rapid development of computer technology, the network plays an important role in people's lives, so network security is particularly important. The distributed denial of service (DDoS) attack has been rampant in recent years; it causes great damage and is difficult to prevent. DDoS is a serious threat to the security of the Internet and is now a research hot spot in network security.

This paper studies DDoS attacks in depth and begins by describing the current status of DDoS research. Based on that investigation, it focuses on the SYN flood attack, which has the highest incidence rate of all types of DDoS attack. Through an analysis of SYN flood (including its principle, characteristics, and existing detection and prevention methods), the paper proposes detection and defense methods for the SYN flood attack.

For detection, the paper puts forward the MTDS method, which is based on multiple thresholds. In addition to monitoring SYN, FIN and ACK packets in the network, MTDS adds a new threshold on the number of abnormal packets that carry a wrong TTL value. Compared with traditional detection methods, MTDS improves the reliability of SYN flood detection and also provides a new idea for SYN flood detection.

For defense, the paper creates a white list that records legitimate users and limits the number of connection requests from unfamiliar users who are not in the white list. This ensures that the system does not collapse under a SYN flood attack and continues to provide normal service to the users in the white list. The method also enhances the defense capability of the attack target.

A DDoS simulation experiment platform is designed to test the SYN flood detection and prevention methods proposed in this paper. The platform can send multiple types of DDoS attack packets at gigabit-per-second speed. Unlike other popular DDoS tools, it is more flexible and more complex, and it makes testing a DDoS defense system more convenient.

Finally, experiments are carried out to test the proposed SYN flood detection and prevention methods. The results show that the new threshold-based detection method has a higher sensitivity in detecting SYN flood attacks. At the same time, limiting the number of connection requests from unfamiliar users improves the host's defense capacity: under a SYN flood attack, the server can still provide service for some users. The paper closes by summarizing its main contents, analyzing its shortcomings, and giving advice on how to improve the work...
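The multi-threshold detection idea in the abstract can be sketched as follows. This is an added example, not code from the thesis: the TTL check uses hop-count inference (the HCF named in the keywords), and the thresholds, the two-threshold alarm policy, the addresses and all function names are assumptions.

```python
from collections import Counter

# Common default initial TTLs; hop-count filtering infers distance from these.
INITIAL_TTLS = (32, 64, 128, 255)
# Constructed per-window thresholds; real values must be tuned on site traffic.
THRESHOLDS = {"syn": 20, "syn_fin_ratio": 3.0, "syn_ack_ratio": 3.0, "bad_ttl": 5}
# Constructed table of hop counts learned for known sources in normal operation.
LEARNED_HOPS = {"198.51.100.10": 12, "198.51.100.11": 7, "203.0.113.5": 15}

def hop_count(ttl):
    """Hops travelled: smallest plausible initial TTL >= observed TTL, minus observed."""
    return min(t for t in INITIAL_TTLS if t >= ttl) - ttl

def window_stats(packets, learned=LEARNED_HOPS):
    """Count SYN/FIN/ACK packets and packets whose hop count contradicts the table."""
    c = Counter()
    for src, flags, ttl in packets:
        if flags == "S":
            c["syn"] += 1
        elif "F" in flags:
            c["fin"] += 1
        elif flags == "A":
            c["ack"] += 1
        if src in learned and hop_count(ttl) != learned[src]:
            c["bad_ttl"] += 1
    return c

def exceeded(stats, th=THRESHOLDS):
    """Names of the thresholds exceeded in this window."""
    values = {
        "syn": stats["syn"],
        "syn_fin_ratio": stats["syn"] / max(stats["fin"], 1),
        "syn_ack_ratio": stats["syn"] / max(stats["ack"], 1),
        "bad_ttl": stats["bad_ttl"],
    }
    return [name for name in th if values[name] > th[name]]

def is_syn_flood(packets):
    """Assumed alarm policy: at least two thresholds exceeded in the same window."""
    return len(exceeded(window_stats(packets))) >= 2

def handshakes(n):
    """Constructed legitimate traffic: n SYN / ACK / FIN-ACK exchanges per client."""
    ttls = {"198.51.100.10": 52, "198.51.100.11": 121, "203.0.113.5": 49}
    return [(s, f, t) for s, t in ttls.items() for _ in range(n) for f in ("S", "A", "FA")]

# Constructed windows: quiet, busy but legitimate, and SYNs carrying a foreign TTL.
QUIET = handshakes(1)
BUSY = handshakes(10)
FLOOD = handshakes(1) + [(s, "S", 100) for s in LEARNED_HOPS for _ in range(15)]
```

The busy window exceeds only the SYN-count threshold and raises no alarm, while the flood window exceeds all four, which is the kind of reliability gain the extra TTL threshold is meant to provide.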
Keywords/Search Tags:DDoS attack, SYN flood attack, threshold, HCF, TTL