Abstract: In order to resolve the problem that existing network security facilities can’t defend against large-scale SYN flood attack under asymmetric routing environment, attack detection technology and connection management strategy were researched, and a defense architecture combining a light-weight detection method with a hierarchical connection management strategy was presented. The detection method uses SYN packet rate and destination IP address entropy, and the hierarchical connection management strategy consists of a method based on SYN packet and a method based on data packet. The experimental results show that this proposed method can mitigate the influence brought by SYN flood attack.