
Methods Based On The Detection And Filtering Active Queue Management SYN Flood DDoS Attacks

Posted on: 2015-03-31
Degree: Master
Type: Thesis
Country: China
Candidate: Y L Zhang
GTID: 2268330431467293
Subject: Computer system architecture

Abstract/Summary:
With the continuous development of computer technology, the Internet plays an increasingly important role in daily life and work. Meanwhile, network security faces more challenges, and DDoS attacks have become increasingly rampant. A SYN Flood DDoS attack is easy to launch and can make the victim server collapse in a short time, so it is favored by hackers and criminals. This makes research on preventing SYN Flood DDoS attacks an important and challenging hot topic in the field of network security. At present, it is impossible to completely eliminate DDoS attacks; what can be done is to detect attacks as soon as possible and take appropriate precautions against them. Therefore, the study of detecting and filtering SYN Flood DDoS attacks is particularly significant.

First, this paper investigates the research status of SYN Flood DDoS attacks in depth. The principle, classification and characteristics of SYN Flood DDoS attacks, and the three lines of defense against them, are analyzed. A SYN Flood DDoS attack detection and filtering method based on the AQM (Active Queue Management) algorithm SYN-SFB (SYN Stochastic Fair Blue) is proposed. Based on the real-time requirements of attack detection, a SYN packet flow monitoring module is designed. Whether an attack is occurring is judged by the average flow growth value of SYN packets, which is taken as the condition to enable the maskant. Attack packets are filtered by the marking probability of the data flow in the maskant. SYN packets identified as benign are added to a safe SYN Request Queue and given different priorities to ensure the smooth transmission of benign SYN packets.

A series of experiments is carried out in the NS2 (Network Simulator Version 2) simulation environment. The performance of the SYN-SFB algorithm is compared with that of several well-known Active Queue Management algorithms when a SYN Flood DDoS attack occurs. Experimental results show that the SYN-SFB algorithm is highly robust, that it can identify SYN Flood DDoS attacks and filter the attack packets, and that the throughput loss of normal TCP data streams caused by SYN Flood DDoS attacks is kept within 1%.
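The detection gate and flow-marking filter described in the abstract can be sketched as follows. This is an added example, not code from the thesis: the flow key (source address), the nibble-based bin hash, all thresholds and the deterministic drop at marking probability 1.0 are assumptions, and the prioritised safe SYN Request Queue is left out.

```python
import ipaddress

LEVELS, BINS = 4, 16      # assumed SFB dimensions
BIN_LIMIT = 8             # assumed SYNs per bin per interval before a bin counts as overloaded
DELTA = 0.25              # assumed step for a bin's marking probability
GROWTH_THRESHOLD = 50.0   # assumed average SYN growth per interval that enables filtering

def average_growth(syn_counts):
    """Mean increase in SYNs per interval over a window of at least two per-interval counts."""
    return (syn_counts[-1] - syn_counts[0]) / (len(syn_counts) - 1)

class SynSfb:
    def __init__(self):
        self.p = [[0.0] * BINS for _ in range(LEVELS)]    # marking probability per bin
        self.seen = [[0] * BINS for _ in range(LEVELS)]   # SYNs per bin in this interval

    def bins(self, src):
        # Toy hash (assumption): level i uses the i-th low nibble of the address.
        return [(int(ipaddress.ip_address(src)) >> (4 * level)) % BINS for level in range(LEVELS)]

    def observe(self, src):
        """Count one SYN and return the flow's marking probability (minimum over levels)."""
        idx = self.bins(src)
        for level, b in enumerate(idx):
            self.seen[level][b] += 1
            if self.seen[level][b] > BIN_LIMIT:
                self.p[level][b] = min(1.0, self.p[level][b] + DELTA)
        return min(self.p[level][b] for level, b in enumerate(idx))

    def end_interval(self):
        # Bins that saw no SYNs decay; all per-interval counters reset.
        for level in range(LEVELS):
            for b in range(BINS):
                if self.seen[level][b] == 0:
                    self.p[level][b] = max(0.0, self.p[level][b] - DELTA)
                self.seen[level][b] = 0

def filter_interval(sfb, sources, filtering_enabled):
    """Return the SYN sources accepted in one interval; drop flows whose probability hit 1.0."""
    accepted = [s for s in sources if not (sfb.observe(s) >= 1.0 and filtering_enabled)]
    sfb.end_interval()
    return accepted

def demo():
    # Constructed input: per-interval SYN counts, then one interval of SYN sources.
    counts, attacker, client = [20, 22, 21, 400], "203.0.113.9", "198.51.100.7"
    enabled = average_growth(counts) > GROWTH_THRESHOLD
    accepted = filter_interval(SynSfb(), [client] + [attacker] * 100 + [client], enabled)
    return enabled, accepted.count(attacker), accepted.count(client)
```

In the constructed input the two addresses share a bin at level 1, and the client is still accepted because the minimum over all levels is what decides a flow's fate.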
Keywords/Search Tags: SYN flood DDoS attack, Active queue management, Stochastic fair blue algorithm