| The DDoS attacks, such as the SYN (SYNchronize) flooding attacks, which seriouslyaffected network service. Although the early research work on SYN flooding attacktraceback based on early detection made some valuable approach, still depending on thetraditional ways. Therefore, exploring an effective SYN flooding attack traceback methodbased on early detection and blocking has an important theoretical and practicalsignificance in network security and prevention of cyber crime.According to TCP (Transmission Control Protocol) three-way handshake protocol andthe principle of SYN flooding attacks, the Flooding Behavior Graph is proposed in thispaper which can describe the TCP data flow in existing SYN flooding attacks. And thensome evaluation methods for attack are established, which can assess the status of thetarget host and the attack of the source host. Based on the Flooding Behavior Graph a wayfor SYN flooding attack traceback is brought forward.In order to improve the efficiency of blocking attacks and reduce the impact on theperformance of the router forwarding, three attacks traceable results of aggregation rulesbased on the attack blocking rules are developed, which give the correspondingpolymerization method and provide a reference for the early blocking attack.This paper verified the effectiveness of the method with the DARPA99data set. Theresults show that this method is effective and supply efficacious basis for early blocking.The algorithm is easy to deploy and has low cost on time and space.Some achievements have been made based on the research mentioned above whichhave important theoretical and practical significance to enhance network security andprevention of cyber crime. |
PDF Full Text Request