
Computer Engineering ›› 2011, Vol. 37 ›› Issue (19): 135-137,144. doi: 10.3969/j.issn.1000-3428.2011.19.044

• Security Technology •

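Detection of SYN Flooding Attacks Based on the Semi-connected (Half-Open) List

TANG Huan-rong, ZENG Yi-jing

  1. (College of Information Engineering, Xiangtan University, Xiangtan, Hunan 411105)
  • Received: 2011-03-17 Publication date: 2011-10-05 Release date: 2011-10-05
  • About the authors: TANG Huan-rong (born 1976), female, lecturer, master's degree; main research interests: information security and genetic algorithms. ZENG Yi-jing, bachelor's degree.
  • Funding:
    Hunan Provincial Department of Education Fund project "Research on Intrusion Prevention Mechanisms Based on Multi-Objective Genetic Algorithms" (10C1261); Xiangtan University Undergraduate Innovation Fund project "A cacti-Based Network Traffic Detection and Analysis Tool"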

Detection of SYN Flooding Attack Based on Semi-connected List

TANG Huan-rong, ZENG Yi-jing   

  1. (Institute of Information Engineering, Xiangtan University, Xiangtan 411105, China)
  • Received: 2011-03-17 Online: 2011-10-05 Published: 2011-10-05

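Abstract: A detection method is proposed for the highly damaging SYN flooding attack. The attack characteristics of SYN flooding are analysed. In each time interval, statistics are gathered over the server's semi-connected (half-open) list and the number of unacknowledged entries is computed. A compensation method is applied to form a time-based statistical sequence, and an improved PCUSUM algorithm is used for detection. Experimental results show that the algorithm not only detects attacks quickly but also has a lower false-positive rate than comparable work, giving more accurate detection results.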

Keywords: SYN flooding attack, PCUSUM algorithm, threshold, semi-connected list, NS2 simulation

Abstract: This paper proposes an effective detection method against the SYN flooding attack. The analysis starts from the traits of the SYN flooding attack. In every time period, the semi-connected list of the server is counted and the number of unacknowledged segments is calculated. A time-based statistical sequence is formed with a compensation method, and an improved PCUSUM algorithm is used to detect attacks. Experimental results show that the algorithm detects attacks quickly and obtains a lower false-positive rate than other similar methods, providing more accurate detection results.

Key words: SYN flooding attack, PCUSUM algorithm, threshold, semi-connected list, NS2 simulation
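
The detection loop the abstract outlines, as an added illustration that is not code from the paper: a standard one-sided non-parametric CUSUM over per-interval counts of unacknowledged half-open entries. The paper's compensation method and its PCUSUM improvements are not given on this page, so the baseline normalisation, the parameter values and the sample counts below are assumptions constructed for the example.

```python
# Added example: standard one-sided non-parametric CUSUM, not the paper's
# improved PCUSUM. Baseline normalisation and all parameters are assumptions.

def cusum_detect(counts, warmup=5, alpha=0.1, drift=0.5, threshold=3.0):
    """Scan per-interval counts of unacknowledged half-open entries.

    Returns (alarm_index or None, per-interval CUSUM statistics).
    """
    if len(counts) <= warmup:
        raise ValueError("need more samples than the warm-up window")
    baseline = sum(counts[:warmup]) / warmup    # mean of attack-free warm-up
    s, alarm, stats = 0.0, None, [0.0] * warmup
    for i in range(warmup, len(counts)):
        c = counts[i]
        # Relative excess over the baseline, so one threshold fits servers
        # of different size (stand-in for the paper's compensation step).
        x = (c - baseline) / max(baseline, 1.0)
        # Subtracting the drift keeps the statistic at zero under normal
        # load; only a sustained excess accumulates.
        s = max(0.0, s + x - drift)
        stats.append(s)
        if alarm is None and s > threshold:
            alarm = i
        if s == 0.0:
            # Learn the baseline only while nothing is accumulating, so a
            # flood in progress cannot raise its own baseline.
            baseline = (1 - alpha) * baseline + alpha * c
    return alarm, stats

# Constructed samples: SYN_RECV entries counted once per interval.
NORMAL = [20, 22, 19, 21, 18, 23, 20, 40, 21, 19]        # one short burst
ATTACK = [20, 22, 19, 21, 18, 23, 20, 21, 60, 90, 120, 150]

if __name__ == "__main__":
    for name, series in (("normal", NORMAL), ("attack", ATTACK)):
        alarm, stats = cusum_detect(series)
        print(name, "alarm at interval:", alarm,
              "peak statistic:", round(max(stats), 2))
```

The single burst of 40 entries in the normal series decays without an alarm, while the sustained rise in the attack series crosses the threshold at the second flooded interval.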
