非对称路由环境下SYN flood攻击防御方法

doi:10.3969/j.issn.1000-436x.2013.z1.038

Journal on Communications ›› 2013, Vol. 34 ›› Issue (Z1): 285-291.doi: 10.3969/j.issn.1000-436x.2013.z1.038

• Academic communication • Previous Articles Next Articles

SYN flood attack defense strategy for asymmetric routing

Jian-xi TAO^1,^3,⁴,Li ZHOU²,Zhou ZHOU^1,⁴,Wei YANG^1,⁴,Qing-yun LIU^1,⁴,Rong YANG^1,⁴()

¹ Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
² National Computer Network Emergency Response Technical Team/Coordination Center, Beijing 100029, China
³ College of Computer Science and Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China
⁴ National Engineering Laboratory for Information Security Technology, Beijing 100093, China

Online:2013-08-25 Published:2017-06-23
Supported by:
The National High Technology Research and Development Program of China (863 Program);The National Information Security Program of China (242 Program);Strategic Priority Research Program of the Chinese Academy of Sciences;The National Natural Science Foundation of China

Abstract

Abstract:

In order to resolve the problem that existing network security facilities can't defend against large-scale SYN flood attack under asymmetric routing environment, attack detection technology and connection management strategy were researched, and a defense architecture combining a light-weight detection method with a hierarchical connection management strategy was presented. The detection method uses SYN packet rate and destination IP address entropy, and the hierarchical connection management strategy consists of a method based on SYN packet and a method based on data packet. The experimental results show that this proposed method can mitigate the influence brought by SYN flood attack.

Key words: SYN flood, asymmetric routing, connection management, SYN packet rate, destination IP address entropy

Jian-xi TAO,Li ZHOU,Zhou ZHOU,Wei YANG,Qing-yun LIU,Rong YANG. SYN flood attack defense strategy for asymmetric routing[J]. Journal on Communications, 2013, 34(Z1): 285-291.

Figures/Tables 8

References 15

[16]	WANG H N , ZHANG D L , SHIN K G . Detecting SYN flooding attacks[A]. Twenty-First Annual Joint Conference of the IEEE Com-puter and Communications Societies[C]. New York, NY, USA, 2002.1530-1539.
[17]	EHRLICH W K , FUTAMURA K , LIU D . An Entropy Based Method to Detect Spoofed Denial of Service (DoS) Attacks[M]. US: Springer US, 2008,44:101-122.
[1]	Prolexic Quarterly Global DDoS Attack Report Q4 2012[R]. Holly-wood: Prolexic Technologies, 2013.
[2]	KLEYMAN B . Why Anti-DDoS Products and Services are Critical for Today's Business Environment[R]. Data Center Knowledge (DCK), 2013.
[3]	2012年我国互联网网络安全态势综述[R]．北京：国家互联网应急中心， 2013.2012 Survey on Internet Security Situation in China[R]. Beijing: Na-tional Computer Network Emergency Response Technical Team/Co-ordination Center, 2013.
[4]	What is asymmetric routing[EB/OL]. , 2013.
[5]	EDDY W . TCP SYN flooding attacks and common mitigations[EB/OL]. , 2007.
[6]	BERNSTEIN D J . SYN cookies[EB/OL]. .
[7]	ZúQUETE A . Improving the functionality of syn cookies[J]. Ad-vanced Communications and Multimedia Security, 2002,(100):57-77.
[8]	HANG B , HU R M , SHI W . An enhanced SYN cookie defence method for TCP DDoS attack[J]. Journal of Networks, 2011,8(6):1206-1213.
[9]	JONATHAN L . Resisting SYN flood DoS attacks with a SYN cache[A]. Proceedings of the BSD Conference 2002 on BSD Confer-ence[C]. CA, USA, 2002.89-97.
[10]	WU Z , CHEN Z . A three-layer defense mechanism based on web servers against distributed denial of service attacks[A]. Proceedings of the First International Conference on Communications and Network-ing[C]. Beijing, China, 2006.1-5.
[11]	SCHUBA C L , KRSUL I V , KUHN M G . Analysis of a denial of service attack on TCP[A]. Proceedings of 1997 IEEE Symposium on Security and Privacy[C]. Oakland, CA, USA, 1997.208-223.
[12]	WANG H N , ZHANG D L , SHIN K G . SYN-dog: sniffing SYN flood-ing sources[A]. Proceedings of the 22′nd International Conference on Distributed Computing Systems (ICDCS'02)[C]. Vienna, Austria, 2002.421-428.
[13]	NAKASHIMA T , OSHIMA S . A detective method for SYN flood attacks[A]. Proceedings of the First International Conference on Inno-vative Computing, Information and Control (ICICIC'06)[C]. Wash-ington DC, USA, 2006.48-51.
[14]	CHEN W , YEUNG D . Defending against TCP SYN flooding attacks under different types of IP spoofing[A]. Proceedings of the Interna-tional Conference on Networking, International Conference on Sys-tems and International Conference on Mobile Communications and Learning Technologies[C]. Mauritius, 2006.38-43.
[15]	SUN C H , HU C C , TANG Y , et al. More accurate and fast SYN flood detection[A]. Proceedings of 18th Internatonal Conference on Computer Communications and Networks[C]. San Francisco, CA, USA, 2009.1-6.

Metrics

Recommended 0

No Suggested Reading articles found!

1stDP次序	连接数	百分比	累计百分比
1	2 907 594	99.053 28%	99.053 28%
2	24 700	0.841 46%	99.894 73%
3	1 894	0.064 52%	99.959 26%
4	837	0.028 51%	99.987 77%
5	240	0.008 18%	99.995 95%
6	118	0.004 02%	99.999 97%
＞6	1	0.000 03%	100.000 00%

改进后	改进前	提升幅度
1.9 Gbit/s	1.2 Gbit/s	58.3%

SYN flood attack defense strategy for asymmetric routing

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 8

References 15

Related Articles 4

Metrics

Recommended 0

[1]	. Asymmetric routing detection based on flow records [J]. Journal on Communications, 2014, 35(Z1): 19-102.
[2]	Hao-liang LAN,Wei DING,Zhen XIA. Asymmetric routing detection based on flow records [J]. Journal on Communications, 2014, 35(Z1): 98-102.
[3]	. SYN flood attack defense strategy for asymmetric routing [J]. Journal on Communications, 2013, 34(Z1): 38-291.
[4]	Wei-jia SONG,Qun SHANG,Ping CHEN. Designing and implementing a campus network resources management system [J]. Journal on Communications, 2005, 26(1A): 63-67.