Research On Defensive Methods Of SYN Flood Attack Based On Statistical Characteristic

Posted on: 2010-10-26  Degree: Master  Type: Thesis
Country: China  Candidate: K Li  Full Text: PDF
GTID: 2178360278459426  Subject: Cryptography
Abstract/Summary:
In recent years, distributed denial of service (DDoS) attacks have been widely used by attackers because they are easy to implement and highly destructive. The DDoS attack has become a critical threat to network security. At present, among all DDoS attacks, the SYN Flood attack is the most popular type; it is a typical attack that exhausts network bandwidth and the resources of the service. In this thesis, a defense system against the SYN Flood attack is designed, based on filtering by network flow statistics. The thesis mainly focuses on the extraction and division of statistical attributes of the SYN Flood attack, as well as the realization of the defense algorithm. Firstly, security incidents involving DDoS attacks, the reasons for the popularity of DDoS attacks in TCP/IP networks, and the classification of attack approaches and defensive approaches are introduced. Secondly, in order to describe the principles and methods of the SYN Flood attack, the research development of such attacks is reviewed from the perspectives of typical defense programs and the statistical probability of data flow. After that, the Packetscore algorithm proposed by Chao et al. is analyzed and summarized. Making use of the Packetscore algorithm, a defense system named PacketGuard is designed to defend against the SYN Flood attack. This system establishes a statistical characteristic set consistent with the statistical properties of the SYN Flood attack. According to the differences in the probabilities of the statistical attributes between normal flow and attack flow, the statistical attributes are divided so that the statistical results better distinguish normal flow from attack flow. Then, the modules of the Packetscore algorithm are simplified and modelled. Besides, the PacketGuard defense system is implemented on the Linux platform with standard C and Raw_socket. In the end, the defense system is proved to have good feasibility and practical value by simulating SYN Flood attack flows of different types and different rates against the PacketGuard defense system.
Keywords/Search Tags: Network security, Distributed Denial of Service attack, Bayesian theory, Packet filtering