
Computer Engineering (计算机工程), 2008, Vol. 34, Issue (20): 156-158. doi: 10.3969/j.issn.1000-3428.2008.20.057

• Security Technology •

Detection Method Against DDoS Attacks Based on Linear Prediction

WANG Yu, YAO Guo-zhen, HUANG Yi-ran

  1. (Department of Electronic and Communication Engineering, North China Electric Power University, Baoding 071003)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2008-10-20 Published: 2008-10-20

Abstract: Distributed Denial of Service (DDoS) attacks are simple in principle but cause serious damage, and they are a major threat to Internet services. TCP SYN flooding is one of the most common methods used in DoS attacks. This paper presents a fast and effective method to detect TCP SYN flooding attacks, proposing linear prediction analysis as a new paradigm for DoS attack detection. The proposed SYN flooding detection mechanism makes use of the exponential backoff property that TCP applies during response timeouts. By modeling the difference between the number of SYN packets received and the number of SYN+ACK packets sent in the attacked network, an attack is detected successfully within short delays. The method can easily be applied in leaf routers and firewalls to detect the attack without the need to maintain any state.

Key words: linear prediction, Denial of Service (DoS), exponential backoff algorithm
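
The idea in the abstract, as an added example that is not the authors' code: a linear predictor is fitted to the per-interval difference between SYN and SYN+ACK counts, and an interval is flagged when its prediction error exceeds a multiple of the baseline error. The predictor order, the threshold factor `k`, the `floor` and both traces are assumptions, since the paper's model parameters are not on this page, and the exponential backoff behaviour is not modeled here.

```python
# Added example, not the paper's code. d[n] = SYN received - SYN+ACK sent per
# sampling interval; order, k and floor are assumed values.
from math import sqrt

def lpc(x, order):
    """Levinson-Durbin recursion: a[0..order-1] with x[n] ~ sum a[k]*x[n-1-k]."""
    n = len(x)
    r = [sum(x[i] * x[i - k] for i in range(k, n)) for k in range(order + 1)]
    a, err = [0.0] * (order + 1), float(r[0])
    for i in range(1, order + 1):
        if err <= 0:  # constant series: nothing left to predict
            break
        k = (r[i] - sum(a[j] * r[i - j] for j in range(1, i))) / err
        a = [a[j] - k * a[i - j] if 0 < j < i else a[j] for j in range(order + 1)]
        a[i] = k
        err *= 1.0 - k * k
    return a[1:]

def predict(a, hist):
    """One-step prediction; hist holds the most recent samples, newest last."""
    return sum(c * hist[-1 - k] for k, c in enumerate(a))

def first_alarm(baseline, live, order=2, k=5.0, floor=1.0):
    """Index in `live` of the first interval whose prediction error exceeds
    k times the baseline RMS error (at least `floor`), or None."""
    mu = sum(baseline) / len(baseline)
    x = [v - mu for v in baseline]
    a = lpc(x, order)
    res = [x[n] - predict(a, x[:n]) for n in range(order, len(x))]
    thr = max(k * sqrt(sum(e * e for e in res) / len(res)), floor)
    hist = x[-order:]  # only `order` samples of state are carried forward
    for i, v in enumerate(live):
        if abs((v - mu) - predict(a, hist)) > thr:
            return i
        hist = hist[1:] + [v - mu]
    return None

# Constructed traces: a quiet baseline, then a live window whose last samples jump.
BASELINE = [1, -1, 2, 0, -2, 1, 0, -1, 1, 0, -1, 0, 1, -2, 0, 1, -1, 0, 2, -1]
LIVE = [0, 1, -1, 1, 0, -2, 1, 38, 41, 45, 44]

if __name__ == "__main__":
    print("first alarm at live interval:", first_alarm(BASELINE, LIVE))
```

The detector keeps only the fitted coefficients, the threshold and the last `order` samples, which is the kind of footprint that suits a leaf router or firewall.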
