| 摘 要: SYN Flood是当前最流行的拒绝服务(DoS)与分布式拒绝服务(DDoS)攻击方式。从构造一个SYN攻击报文 的角度分析,SYN Flood攻击会引起网络中基于IP地址、标志位、端口号、序列号的统计特征异常,因此提出一种基于 统计特征的SYN Flood攻击检测的方法。该方法首先从半连接队列中获取半连接信息,从全连接队列中获取IP地址存入 BloomFilter中,再分别提取其统计特征,最后使用LMBP神经网络得到检测结果。实验结果表明该算法与其他算法相比 具有更好的检测效果。 |
| 关键词: SYNFlood检测;统计特征;BloomFilter;LMBP神经网络 |
|
中图分类号: TP393
文献标识码: A
|
|
| The SYN Flood Detection Method Based on Statistical Properties |
|
LIU Yun,HE Yi
|
( College of Mathematics and Information Science, Guiyang University, Guiyang 550005, China)
|
| Abstract: As the most popular attack method of denial of service (DoS) and distributed denial of service (DDoS),SYN Flood attack will cause some statistical properties abnormalities in the IP address,the TCP flag,the port number and the serial number from the perspective of constructing a SYN packet.Therefore,a SYN Flood attack detection method is proposed in this paper.Firstly,the method acquires half connection information from the half-connection queue,obtains IP addresses from the whole connection queue and puts them in Bloom Filter,then individually extracts statistical properties based on IP addresses,and finally determines whether SYN Flood attack happens by using LMBP neural networks.Experimental results show that the method could improve the effectiveness of detection. |
| Keywords: SYN flood detection;statistical properties;bloom filter;LMBP neural network |
