Detection and defense method for SYN Flood attack

An attack detection and attack defense technology, applied in digital transmission systems, secure communication devices, electrical components, etc., that addresses the problems of increased network load, failure to provide protection, and heavy resource occupation, and achieves efficient and accurate filtering and efficient and accurate defense.

Active Publication Date: 2022-05-17
BEIJING VENUS INFORMATION SECURITY TECH +2
AI Technical Summary

Problems solved by technology

However, under a large-traffic attack, the above methods cannot defend effectively. In addition, SYN Cache and similar methods need to maintain a connection state table, which takes up a lot of memory space, and SYN Cookie needs to calculate the cookie value, which takes up a lot of CPU computing resources. If the value is too large, the CPU resources of the system will be consumed quickly, causing the system to fail to respond normally, so that it cannot play a protective role. TCP source detection comes in two variants: returning a SYN-ACK packet with a correct confirmation number, and returning a SYN-ACK packet with an incorrect confirmation number. Both, however, increase the network load: they need to send response messages to a large number of SYN messages, which adds further network load in the event of a large-traffic attack.

Embodiment Construction

[0045] The technical solutions in the embodiments of the present application are clearly and completely described below in combination with the drawings in the embodiments of the present application. Obviously, the described embodiments are part of the embodiments of the present application, not all of them. Based on the embodiments in this application, all other embodiments obtained by those skilled in the art without making creative efforts belong to the scope of protection of this application.

[0046] As shown in Figure 1, the present application provides a method for detecting and defending against SYN Flood attacks, which is mainly divided into two parts: an attack detection part and an attack defense part.

[0047] The attack detection part is realized through a two-stage detection scheme, comprising first-stage detection and second-stage detection, and the attack behavior can be accurately detected without increasing the network and host lo...

Abstract

The invention provides a method for detecting and defending against SYN Flood attacks, which comprises the following steps: S1, attack detection: SYN Flood attack monitoring is performed on a system to judge whether the current system is under attack, and if it is, the method proceeds to step S2; S2, attack defense: TCP source detection is performed on the messages received by the system to judge whether the IP of each message is a legal IP; if yes, the IP is added to a white list; if not, the message is discarded. With this method, SYN Flood attacks can be efficiently and accurately defended against without increasing the load of the network and the host.
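The S1/S2 flow in the abstract can be sketched as a small packet-gate simulation. This is an added example, not code from the patent: the SYN-rate threshold used for S1, the HMAC-derived probe sequence number used for S2 source detection, and all names (`SynFloodGate`, `on_syn`, `on_ack`) are assumptions, and the patent's own two-stage detection logic is not reproduced here.

```python
import hashlib
import hmac
import os

class SynFloodGate:
    """S1: rate-based attack detection; S2: stateless source probe plus whitelist."""

    def __init__(self, syn_threshold=100, window=1.0, key=None):
        self.syn_threshold = syn_threshold  # assumed S1 trigger: SYNs per window
        self.window = window                # window length in seconds (assumed)
        self.key = key or os.urandom(16)    # secret for probe sequence numbers
        self.window_start, self.syn_count = 0.0, 0
        self.under_attack = False
        self.whitelist = set()

    def _probe_seq(self, ip, port):
        # Keyed 32-bit value derived from the source; nothing is stored per SYN.
        mac = hmac.new(self.key, f"{ip}:{port}".encode(), hashlib.sha256).digest()
        return int.from_bytes(mac[:4], "big")

    def on_syn(self, ip, port, now):
        if now - self.window_start >= self.window:  # roll the S1 window
            self.under_attack = self.syn_count > self.syn_threshold
            self.window_start, self.syn_count = now, 0
        self.syn_count += 1
        if self.syn_count > self.syn_threshold:
            self.under_attack = True
        if not self.under_attack or ip in self.whitelist:
            return ("PASS", None)
        return ("PROBE", self._probe_seq(ip, port))  # seq for the SYN-ACK probe

    def on_ack(self, ip, port, ack):
        if not self.under_attack or ip in self.whitelist:
            return "PASS"
        if ack == (self._probe_seq(ip, port) + 1) % 2**32:
            self.whitelist.add(ip)  # source proved it receives our replies
            return "WHITELISTED"
        return "DROP"

def demo():
    gate = SynFloodGate(syn_threshold=50, key=b"constructed-demo-key")
    before = gate.on_syn("198.51.100.7", 40000, 0.0)[0]
    for i in range(200):  # constructed flood from spoofed sources that never ACK
        gate.on_syn(f"203.0.113.{i % 250}", 1024 + i, 0.1)
    verdict, seq = gate.on_syn("198.51.100.7", 40000, 0.2)
    forged = gate.on_ack("203.0.113.9", 1033, 12345)
    genuine = gate.on_ack("198.51.100.7", 40000, (seq + 1) % 2**32)
    after = gate.on_syn("198.51.100.7", 40001, 0.3)[0]
    return before, verdict, forged, genuine, after
```

Because the probe value is recomputed from the key rather than stored, the gate keeps no per-connection table during an attack; only sources that echo the probe correctly reach the white list.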

Description

Technical field

[0001] This application relates to the field of system network security, in particular to a method for detecting and defending against SYN Flood attacks.

Background technique

[0002] A SYN Flood attack is a typical DoS (Denial of Service) attack. By sending a large number of SYN messages, or mixed SYN and ACK messages, the TCP connection resources of the server are consumed, causing the server to fail to respond to normal TCP connection requests and therefore fail to provide normal service. At present, the commonly used SYN Flood defense methods can be roughly divided into two categories. The first category adds a proxy in the TCP communication stage, such as SYN Cookie, SYN Cache and SYN Proxy; the second category is TCP source detection, which judges whether the IP is legal and filters IPs accordingly. These methods can resist small-scale SYN Flood attacks. However, when there is a large traffic attack, the above method cannot be effecti...

Application Information

IPC(8): H04L9/40
CPC: H04L63/1416, H04L63/1458, Y02D30/50
Inventor: 孙凯, 蒋发群
Owner: BEIJING VENUS INFORMATION SECURITY TECH