| With the development of network technology and network economy, more and more carriers and enterprises suffer SYN Flood attacks. A large number of attackers caused the target server refuse to serve by seizing the bandwidth and resources, which affects the normal carriers and enterprise business.For the hidden strong and large-scale characteristics of SYN Flood attacks, the paper proposed the idea of the Network-flow-clean system. The Network-flow-clean system distinguishes trust traffic, untrust traffic and unknown traffic by using the way of flow-level, and process the state of the network specifically.The Network-flow-clean system is divided into functional modules and public modules, which is based on the users'demands. Function modules include statistical analysis module, current traction modules, cleaning platform and half-connection processing module; public module includes features library module and the connection count module. Statistical analysis module matching black and white lists to complete the preliminary filtering of network traffic; the current traction module determine whether the abnormal flow needs the second filter or not by setting the SYN rate limit.Half-connection processing module to receive the results from cleaning platform, generate dynamic lists of information to establish and update the feature database parameters; the connection count module handles the messages from IN and OUT direction. It also should update the connection number of the features.Network-flow-clean system completes a level of network traffic filtering after its design and implementation based on the demands. From the verification results, the accuracy of recognition and the SYN Flood attack and defense capabilities have both been improved through the processing of the Network-flow-clean system. |
PDF Full Text Request