Method and device for quickly detecting SYN Flood attack

A fast and quantitative technology, applied in the field of network information security, can solve the problem of high equipment price
CN107623685B · Active · Publication Date: 2020-04-07 · HANGZHOU ANHENG INFORMATION TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
HANGZHOU ANHENG INFORMATION TECH CO LTD
Publication Date
2020-04-07


Abstract

The invention provides a method and device for rapidly detecting SYN Flood attacks, relating to the technical field of network information security. The method comprises the following steps: acquiring TCP session information, wherein the TCP session information is at least one piece of session information between a target IP and a monitoring host; analyzing the TCP session information to obtain the number of SYN request data packets; when determining that the number meets preset conditions, analyzing source IP addresses and physical addresses in the SYN requests to determine whether the source IP addresses and the physical addresses are in accordance with even distribution; and when determining that the addresses meet the even distribution, determining whether the monitoring host is attacked by SYN Flood at the current time based on the number of target sessions, wherein the number of the target sessions is the number of the sessions with zero application layer traffic in all IP address sessions in the network traffic at the current time. Thereby, the technical problem that SYN Flood detection methods in the prior art are higher in cost can be alleviated.
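The three-stage check described in the abstract, sketched as an added example that is not the patent's own implementation. The thresholds, the use of normalized Shannon entropy as the "even distribution" test, the session record fields and the sample sessions are all assumptions made for illustration.

```python
import math
from collections import Counter

# Assumed values: the abstract only speaks of "preset conditions".
SYN_THRESHOLD = 100       # SYN requests needed before further analysis
EVENNESS_THRESHOLD = 0.9  # normalized entropy treated as "even distribution"
ZERO_APP_THRESHOLD = 80   # sessions carrying no application-layer bytes

def evenness(counts):
    """Normalized Shannon entropy of a Counter (1.0 means perfectly even)."""
    vals = [c for c in counts.values() if c > 0]
    total = sum(vals)
    if len(vals) < 2:
        return 0.0
    h = -sum(c / total * math.log2(c / total) for c in vals)
    return h / math.log2(len(vals))

def detect_syn_flood(sessions):
    """Each session: dict with src_ip, src_mac, syn_packets, app_bytes."""
    sessions = list(sessions)
    # Step 1: count SYN request packets across the sessions to the target.
    syn_total = sum(s["syn_packets"] for s in sessions)
    if syn_total < SYN_THRESHOLD:
        return {"attack": False, "stage": "syn_count"}
    # Step 2: are SYNs spread evenly over source IPs and physical addresses?
    by_ip, by_mac = Counter(), Counter()
    for s in sessions:
        by_ip[s["src_ip"]] += s["syn_packets"]
        by_mac[s["src_mac"]] += s["syn_packets"]
    if min(evenness(by_ip), evenness(by_mac)) < EVENNESS_THRESHOLD:
        return {"attack": False, "stage": "distribution"}
    # Step 3: count sessions with zero application-layer traffic.
    zero_app = sum(1 for s in sessions if s["app_bytes"] == 0)
    return {"attack": zero_app >= ZERO_APP_THRESHOLD, "stage": "zero_app",
            "zero_app_sessions": zero_app}

def constructed_sessions(n, syn_packets=1, app_bytes=0):
    """Constructed sample data: n distinct sources (documentation IP range)."""
    return [{"src_ip": f"203.0.113.{i + 1}", "src_mac": f"02:00:00:00:00:{i:02x}",
             "syn_packets": syn_packets, "app_bytes": app_bytes}
            for i in range(n)]

if __name__ == "__main__":
    print(detect_syn_flood(constructed_sessions(200)))                  # flood-like
    print(detect_syn_flood(constructed_sessions(120, app_bytes=1500)))  # busy, legitimate
```

The cheap SYN count gates the later stages, so the distribution and zero-traffic analysis only run when the first condition is met.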

Description

Technical field

[0001] The invention relates to the technical field of network information security, in particular to a method and device for quickly detecting SYN Flood attacks.

Background technique

[0002] SYN Flood is a well-known DoS (Denial of Service) attack and one of the methods used for DDoS (Distributed Denial of Service) attacks. It exploits flaws in the TCP protocol to send a large number of forged TCP connection requests, thereby exhausting the resources of the attacked party (CPU fully loaded or memory insufficient).

[0003] The principle of a SYN Flood attack is shown in Figure 1. A normal TCP connection requires a three-way handshake. First, the client sends a SYN packet to the server. Then, the server allocates a control block and responds with a SYN+ACK packet. The server then waits for the client to send it an ACK packet. If the server does not receive an ACK packet, the TCP connection will remain half-open until the server r...
