Method and device for rapidly detecting SYN Flood attacks

A fast and quantitative technology, applied in the field of network information security, can solve the problem of high equipment prices

Active Publication Date: 2018-01-23
HANGZHOU ANHENG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

This method requires more data, and requires data acquisition equipment that c...


Examples


Embodiment 1

[0027] According to an embodiment of the present invention, an embodiment of a method for quickly detecting a SYN Flood attack is provided. It should be noted that the steps shown in the flow chart of the accompanying drawings can be executed in a computer system such as a set of computer-executable instructions, and, although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order different from that shown or described herein.

[0028] Figure 2 is a flowchart of a method for quickly detecting a SYN Flood attack according to an embodiment of the present invention. As shown in Figure 2, the method includes the following steps:

[0029] Step S102, acquiring TCP protocol session information, wherein the TCP protocol session information is at least one piece of session information between the target IP and the monitoring host;

[0030] In the embodiment of the present invention, in order to quickly judge whether there is ...

Embodiment 2

[0093] The embodiment of the present invention also provides a device for quickly detecting a SYN Flood attack. The device is mainly used to implement the method for quickly detecting a SYN Flood attack provided in the above-mentioned content of the embodiment of the present invention. The device for quickly detecting SYN Flood attacks provided by the embodiment of the present invention is described in detail below.

[0094] Figure 5 is a schematic diagram of a device for quickly detecting SYN Flood attacks according to an embodiment of the present invention. As shown in Figure 5, the device for quickly detecting a SYN Flood attack mainly includes: an acquisition unit 51, a first analysis unit 52, a second analysis unit 53 and a determination unit 54, wherein:

[0095] An acquisition unit 51, configured to acquire TCP protocol session information, wherein the TCP protocol session information is at least one sessi...


Abstract

The invention provides a method and device for rapidly detecting SYN Flood attacks, relating to the technical field of network information security. The method comprises the following steps: acquiring TCP session information, wherein the TCP session information is at least one piece of session information between a target IP and a monitoring host; analyzing the TCP session information to obtain the number of SYN request data packets; when determining that the number meets preset conditions, analyzing source IP addresses and physical addresses in the SYN requests to determine whether the source IP addresses and the physical addresses are in accordance with an even distribution; and when determining that the addresses meet the even distribution, determining whether the monitoring host is attacked by SYN Flood at the current time based on the number of target sessions, wherein the number of target sessions is the number of sessions with zero application layer traffic among all IP address sessions in the network traffic at the current time. Thereby, the technical problem that SYN Flood detection methods in the prior art are costly can be alleviated.
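The staged check described in the abstract, sketched as an added example (it is not code from the patent or its owner). The thresholds, the entropy-based evenness measure and the `Session` record layout are assumptions, since the page only refers to "preset conditions".

```python
import math
from collections import Counter, namedtuple

# One record per source/target session seen in the current window (assumed layout).
Session = namedtuple("Session", "src_ip src_mac syn_count app_bytes")

# Assumed values: the abstract only speaks of "preset conditions".
SYN_MIN = 1000       # stage 1: SYN requests needed before looking further
EVEN_MIN = 0.9       # stage 2: normalised entropy treated as "even"
ZERO_APP_MIN = 0.8   # stage 3: share of sessions with no application-layer data

def evenness(weighted):
    """Shannon entropy of the SYN sources divided by log2(total SYNs).
    Close to 1.0 when almost every SYN carries a different address."""
    total = sum(weighted.values())
    if total < 2:
        return 0.0
    h = -sum(n / total * math.log2(n / total) for n in weighted.values())
    return h / math.log2(total)

def detect_syn_flood(sessions):
    """Return (is_attack, reason) for one observation window."""
    syn_total = sum(s.syn_count for s in sessions)
    if syn_total < SYN_MIN:
        return False, "syn count below threshold"
    by_ip, by_mac = Counter(), Counter()
    for s in sessions:
        by_ip[s.src_ip] += s.syn_count
        by_mac[s.src_mac] += s.syn_count
    if evenness(by_ip) < EVEN_MIN or evenness(by_mac) < EVEN_MIN:
        return False, "sources not evenly distributed"
    zero_app = sum(1 for s in sessions if s.app_bytes == 0)
    if zero_app / len(sessions) < ZERO_APP_MIN:
        return False, "sessions carry application data"
    return True, "syn flood"

# Constructed windows: 2000 one-SYN sessions from distinct addresses with no
# payload, versus 20 busy clients that each open 100 connections and send data.
FLOOD = [Session(f"10.{i // 250}.{i % 250}.7",
                 f"02:00:00:00:{i >> 8:02x}:{i & 255:02x}", 1, 0)
         for i in range(2000)]
BUSY = [Session(f"192.0.2.{i + 1}", f"02:00:00:01:00:{i:02x}", 100, 5000)
        for i in range(20)]

if __name__ == "__main__":
    print(detect_syn_flood(FLOOD), detect_syn_flood(BUSY))
```

Each stage only runs when the previous one passes, so the cheaper SYN count gates the more expensive address analysis.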

Description

Technical field

[0001] The invention relates to the technical field of network information security, in particular to a method and device for quickly detecting SYN Flood attacks.

Background technique

[0002] SYN Flood is a well-known DoS (Denial of Service attack), and SYN Flood is one of the ways of DDoS (Distributed Denial of Service attack). This is an attack method that uses TCP protocol flaws to send a large number of forged TCP connection requests, thereby exhausting the resources of the attacked party (full CPU or insufficient memory).

[0003] The principle of a SYN Flood attack is shown in Figure 1. A normal TCP connection requires a three-way handshake. First, the client sends a SYN packet to the server. Then, the server allocates a control block and responds with a SYN+ACK packet. The server will then wait for the client to send it an ACK packet. If the server does not receive an ACK packet, the TCP connection will remain half-open until the server r...


Application Information

IPC(8): H04L29/06, H04L29/08, H04L29/12
Inventor: 莫凡范渊刘博龙文洁
Owner: HANGZHOU ANHENG INFORMATION TECH CO LTD