
SYN Flood attack detection method based on counting type Bloom filter

A Bloom filter and attack detection technology, applied in the field of network security, that solves problems such as server downtime and normal users being unable to access the service, and achieves fast matching speed, small memory usage and a reduced false alarm rate.

Active Publication Date: 2021-11-26
SHENZHEN FORWARD IND CO LTD

AI Technical Summary

Problems solved by technology

[0010] To address the above-mentioned deficiencies in the prior art, the SYN Flood attack detection method based on a counting Bloom filter provided by the present invention solves the problem that normal users cannot access the server and the server goes down after it receives an attack.



Embodiment Construction

[0027] The following specific embodiments of the present invention are described to help those skilled in the art understand the invention. It should be clear that the invention is not limited to the scope of the specific embodiments; to those of ordinary skill in the art, variations within the spirit and scope of the invention as defined and determined by the appended claims are apparent, and all inventions that make use of the inventive concept are protected.

[0028] As shown in figure 1, the SYN Flood attack detection method based on a counting Bloom filter comprises the following steps:

[0029] S1, detect the number of TCP connection request packets from a single source IP within a certain period of time, and take the maximum value as the threshold;

[0030] S2, construct a counting table, a whitelist and a blacklist, and initialize them;

[0031] S3, determines whether the current time period to complete the TCP packet is received, if the detecti...


Abstract

The invention discloses a SYN Flood attack detection method based on a counting Bloom filter. The method comprises the following steps: detecting the number of TCP connection request packets from a single source IP within a certain period of time and taking the maximum value as a threshold, or setting the threshold manually; constructing a counting table, a whitelist and a blacklist, and initializing them; receiving the TCP messages detected in the current time period; obtaining the source target IP of each received TCP message, applying k independent hash functions to the source target IP to obtain k hash values, and looking up the positions corresponding to the k hash values in the counting table; and judging whether the received TCP message is in the blacklist, in the whitelist or within the threshold range, and discarding or passing the TCP message according to the result. The method occupies little memory, matches quickly, and can defend against SYN Flood attacks; the false alarm rate is reduced by selecting a suitable number of hash functions and array length and by resetting the data in the array at regular intervals.
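The steps in the abstract can be sketched as follows. This is an added example, not code from the patent: it keys on the source IP, derives the k hash values from salted BLAKE2b, estimates a source's count as the minimum of its k counters, and blacklists a source once that estimate exceeds the threshold; those choices, the names `SynCounter` and `demo`, and the sample addresses are all assumptions.

```python
import hashlib

class SynCounter:
    """Counting Bloom filter of SYNs per source IP for one time period."""
    def __init__(self, m=4096, k=4, threshold=100, whitelist=()):
        self.m, self.k, self.threshold = m, k, threshold
        self.table = [0] * m                  # counting table of m counters
        self.whitelist = set(whitelist)
        self.blacklist = set()

    def _positions(self, ip):
        # k table positions from salted BLAKE2b (assumed hash choice); a set,
        # so a source whose hashes collide is not incremented twice.
        return {int.from_bytes(hashlib.blake2b(
            ip.encode(), digest_size=8, salt=bytes([i])).digest(), "big")
            % self.m for i in range(self.k)}

    def estimate(self, ip):
        # Collisions with other sources can only inflate a counter, so the
        # minimum never under-counts; it may over-count (false alarm).
        return min(self.table[p] for p in self._positions(ip))

    def on_syn(self, ip):
        """Return 'pass' or 'drop' for one SYN from source ip."""
        if ip in self.whitelist:
            return "pass"
        if ip in self.blacklist:
            return "drop"
        for p in self._positions(ip):
            self.table[p] += 1
        if self.estimate(ip) > self.threshold:
            self.blacklist.add(ip)            # assumed policy once over threshold
            return "drop"
        return "pass"

    def reset(self):
        # Timed reset: stale counts from earlier periods stop inflating estimates.
        self.table = [0] * self.m

def demo():
    """Constructed traffic: a whitelisted host, 20 normal clients, one flooder."""
    c = SynCounter(threshold=100, whitelist={"192.0.2.10"})
    syns = ["192.0.2.10"] * 500 + [f"198.51.100.{i}" for i in range(1, 21)] * 3
    syns += ["203.0.113.7"] * 150
    drops = {}
    for ip in syns:
        if c.on_syn(ip) == "drop":
            drops[ip] = drops.get(ip, 0) + 1
    return c, drops

if __name__ == "__main__":
    print(demo()[1])
```

Memory stays fixed at m counters regardless of how many distinct sources appear, which is the property the abstract relies on; raising m or tuning k lowers the chance that unrelated sources push a normal client over the threshold.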

Description

Technical field

[0001] The present invention relates to the field of network security, and in particular to a SYN Flood attack detection method based on a counting Bloom filter.

Background technique

[0002] SYN Flood is one of the most popular DoS (Denial of Service) and DDoS (Distributed Denial of Service) attack methods. It exploits a flaw in the TCP protocol by sending a large number of forged TCP connection requests, which depletes the resources of the attacked party and thus affects normal service requests. Because it takes advantage of an inherent shortcoming of the TCP/IP protocol, the existing protocol architecture has no immunity to SYN Flood attacks.

[0003] The TCP connection establishment procedure is called the TCP three-way handshake, and the SYN Flood attack targets a weakness in that three-way handshake.

[0004] The steps of the three-way handshake are as follows:

[0005] (1) The client sends a TCP packet with the SYN flag set to the server; the message will indicate...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06F21/55
CPC: H04L63/0236, H04L63/1458, H04L63/102, G06F21/55, Y02D30/50
Inventor: 詹晋川, 张帆, 周志远, 陆湘
Owner: SHENZHEN FORWARD IND CO LTD