| 一种同步洪流攻击的监测模型 |
| |
| 引用本文: | 王丽娟,关立行.一种同步洪流攻击的监测模型[J].西安工业学院学报,2004,24(2):163-166. |
| |
| 作者姓名: | 王丽娟 关立行 |
| |
| 作者单位: | 西安工业学院电子信息工程学院,西安工业学院电子信息工程学院 西安710032,西安710032 |
| |
| 摘 要: | 本文提出了一种新型的针对同步洪流攻击的监测模型.文中首先介绍了同步洪流攻击的原理和几种典型的防范这种攻击的对策,接着详述了监测模型的原理并论述了实现监测模型核心部分的方法.这种监测模型主要监测网络中是否发生同步洪流攻击,并及时采取措施恢复正常的网络运行.监测模型引入NDIS协议驱动程序,网络监听及多线程等技术,主要采用跟踪发起TCP连接请求的可疑IP地址的方法进行监测,采用释放被攻击主机上被占用的系统资源的措施使其恢复正常.
|
| 关 键 词: | 同步洪流攻击 MIDIS协议驱动程序 多线程 |
| 文章编号: | 1000-5714(2004)02-0163-04 |
| 修稿时间: | 2003年11月16 |
A monitor model against SYN flood attacks |
| |
| WANG Li-juan,GUAN Li-xing.A monitor model against SYN flood attacks[J].Journal of Xi'an Institute of Technology,2004,24(2):163-166. |
| |
| Authors: | WANG Li-juan GUAN Li-xing |
| |
| Abstract: | This paper presents a monitor model for SYN flood attacks.At first,the paper introduces the principle of SYN flood attacks and several characteristic countermeasures against the attacks,then expounds the principle of the monitor model and explains the methods used to implement the kernel part of the model.The model is designed to monitor SYN flood attacks in the networks,and to make the networks resume by taking actions immediately.The model mainly uses several technologies including NDIS protocol driver,network monitoring, multithreading to trace spoofed IP addresses which request TCP connections with other hosts and to release the resource consumed by the attacked hosts. |
| |
| Keywords: | SYN flood attack network driver interface standards protocol driver multithreading |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
