
Research On Detection And Prevention Methods Of SYN Flood Based On Campus Network

Posted on: 2013-11-23
Degree: Master
Type: Thesis
Country: China
Candidate: J Pan
GTID: 2248330371470854
Subject: Computer Science and Technology
Abstract/Summary:
As dependence on network applications deepens, network availability has gradually become a focus of attention. DDOS attacks are among the availability attacks that are widely known to network managers and difficult to deal with. In a complex network environment, a wide range of technologies must be combined to prevent DDOS attacks and ensure the security of network services. This thesis therefore combines attack detection with congestion control to mitigate both the depletion of the target host's resources and the network congestion caused by DDOS. On this basis it proposes SYN Flood detection and prevention methods for the campus network, focusing on a common form of DDOS attack, the SYN Flood.
The thesis uses hash functions and an improved Bloom Filter-based information extraction algorithm to generate the initial statistical series and to perform early attack detection. First, the statistical series is smoothed; then it is combined with an adaptive offset constant so that it satisfies the recursive version of the non-parametric CUSUM algorithm; finally, the detection threshold for early attack detection is determined dynamically from the mean of normal network traffic. When an attack is present, the MULTOPS mechanism and a Bloom Filter data structure that records the number of SYNs flowing through network ports are used to quickly identify the target and the attack strength so that the appropriate treatment can be applied. For a severe attack, malicious datagrams are dropped directly; a mild attack is treated as impending network congestion, and the router is notified to start its congestion control mechanism immediately.
A large number of simulated attack experiments were carried out. The results indicate that using the Bloom Filter for detection by packet observers at the source side detects abnormal traffic and distinguishes well between network congestion and attacks, with relatively low false alarm and false negative rates. Combined with the congestion control algorithm, the method can flexibly handle malicious attack flows of different natures while ensuring that the network continues to provide normal service to legitimate users, and it plays a proactive role.
Keywords/Search Tags:DDOS, SYN Flood, Bloom Filter, CUSUM algorithm, MULTOPS, Congestion Control
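The early-detection steps named in the abstract (smoothing, adaptive offset, recursive non-parametric CUSUM, threshold derived from the normal-traffic mean), as an added example that is not code from the thesis. The EWMA smoothing, the offset `k * mu`, the threshold `h * mu`, the baseline update rule, all parameter values and the input series (standing in for the Bloom Filter-derived per-interval SYN statistic) are assumptions made for illustration.

```python
def smooth(series, alpha=0.5):
    """EWMA smoothing of the raw per-interval statistic (assumed smoother)."""
    out, s = [], float(series[0])
    for x in series:
        s = alpha * x + (1 - alpha) * s
        out.append(s)
    return out


def cusum_alarms(series, warmup=5, k=1.5, h=3.0, beta=0.1):
    """Return (index of first alarm or None, list of CUSUM values y_n).

    mu     : running mean of normal traffic, seeded from the warm-up window
    k * mu : adaptive offset, keeps the drift negative under normal load
    h * mu : detection threshold, scaled from the normal-traffic mean
    """
    if len(series) <= warmup:
        raise ValueError("series must be longer than the warm-up window")
    xs = smooth(series)
    mu = sum(xs[:warmup]) / warmup
    y, ys, first = 0.0, [0.0] * warmup, None
    for n in range(warmup, len(xs)):
        x = xs[n]
        y = max(0.0, y + x - k * mu)      # recursive non-parametric CUSUM
        ys.append(y)
        if y > h * mu:
            if first is None:
                first = n                 # first interval over threshold
        elif y == 0.0:
            # Adapt the baseline only while no excess has accumulated, so
            # attack traffic cannot pull the offset and threshold upward.
            mu = (1 - beta) * mu + beta * x
    return first, ys


# Constructed sample data: SYN-derived counts per observation interval.
BENIGN = [20, 20, 20, 20, 20, 20, 45, 20, 20, 20]            # one short blip
FLOOD = [20, 20, 20, 20, 20, 20, 20, 20, 100, 200, 200, 200]  # onset at 8

if __name__ == "__main__":
    print("benign:", cusum_alarms(BENIGN)[0])
    print("flood :", cusum_alarms(FLOOD)[0])
```

The short blip in `BENIGN` decays back to zero without crossing the threshold, while the sustained rise in `FLOOD` accumulates and raises an alarm one interval after onset.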