Title of invention Method to detect SYN flood attack
Abstract A method of predicting a SYN flooding attack on a server. The method tracks the number of SYN signals received (or SYN+ACK signals sent) over the communications port of the server in a specified time interval, the arrival estimation window. The invention then predicts the number of anticipated ACK, RST or ACK+RST signals to be received over the communication port within a prediction window of predetermined length. The prediction may be made at multiple points within the prediction window. The prediction window is offset in time from the arrival estimation window. The prediction of ACK signals to be received is based upon the number of SYN signals received or SYN+ACK signals sent in the arrival estimation window. In one embodiment, a polynomial is fit to the data in the arrival estimation window and extrapolated to the prediction window. The predicted number of ACK, RST or ACK+RST signals is compared to the actual number received in the prediction window, and if the difference is in excess of a threshold value, an attack is indicated.
Publication number US8127357(B1) Publication date 2012.02.28
Application number US20100943555 Filing date 2010.11.30
Applicant PHOHA VIR V;BALAGANI KIRAN S;LOUISIANA TECH RESEARCH FOUNDATION, A DIVISION OF LOUISIANA TECH UNIVERSITY FOUNDATION, INC. Inventor PHOHA VIR V;BALAGANI KIRAN S
Classification G06F21/20;G06F11/30;G06F15/16 Main classification G06F21/20
Agency Agent
Main claim
Address
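The polynomial-fit embodiment described in the abstract, as an added example that is not code from the patent or its authors. The per-slot counting, the window layout, the one-ACK-per-SYN assumption, the use of predicted minus observed as the "difference", and all function names and sample counts are assumptions made for illustration.

```python
# Added illustration: window layout, slot size and threshold are assumptions.

def polyfit(xs, ys, degree):
    """Least-squares polynomial coefficients c[0..degree] via the normal equations."""
    n = degree + 1
    A = [[float(sum(x ** (i + j) for x in xs)) for j in range(n)] for i in range(n)]
    b = [float(sum(y * x ** i for x, y in zip(xs, ys))) for i in range(n)]
    for col in range(n):  # Gaussian elimination with partial pivoting
        piv = max(range(col, n), key=lambda r: abs(A[r][col]))
        A[col], A[piv] = A[piv], A[col]
        b[col], b[piv] = b[piv], b[col]
        for r in range(col + 1, n):
            f = A[r][col] / A[col][col]
            for k in range(col, n):
                A[r][k] -= f * A[col][k]
            b[r] -= f * b[col]
    c = [0.0] * n
    for i in reversed(range(n)):  # back substitution
        c[i] = (b[i] - sum(A[i][k] * c[k] for k in range(i + 1, n))) / A[i][i]
    return c

def predict_acks(syn_counts, horizon, offset=0, degree=2):
    """Fit per-slot SYN counts in the arrival estimation window and extrapolate
    to `horizon` slots of the prediction window, which starts `offset` slots
    after the arrival window ends. Assumes each legitimate SYN yields one ACK."""
    c = polyfit(range(len(syn_counts)), syn_counts, degree)
    start = len(syn_counts) + offset
    return [max(0.0, sum(ck * t ** k for k, ck in enumerate(c)))
            for t in range(start, start + horizon)]

def syn_flood_suspected(syn_counts, acks_seen, threshold, offset=0, degree=2):
    """Flag an attack when predicted ACK/RST signals exceed those observed in
    the prediction window by more than `threshold`; also return the shortfall."""
    predicted = predict_acks(syn_counts, len(acks_seen), offset, degree)
    shortfall = sum(predicted) - sum(acks_seen)
    return shortfall > threshold, shortfall

if __name__ == "__main__":
    # Constructed sample data: SYNs per 1-second slot, then ACKs seen afterwards.
    steady = ([100, 102, 104, 106, 108, 110], [110, 113, 115])
    flood = ([100, 150, 220, 310, 420, 550], [105, 108, 110])
    for name, (syns, acks) in (("steady", steady), ("flood", flood)):
        print(name, syn_flood_suspected(syns, acks, threshold=50))
```

In the constructed flood trace the SYN rate grows quadratically while completed handshakes stay flat, so the extrapolated count far exceeds the ACKs actually seen; in the steady trace the two track each other and the shortfall stays under the threshold.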