A monitor model against SYN flood attacks

This paper presents a monitor model for SYN flood attacks. First, the paper introduces the principle of SYN flood attacks and several representative countermeasures against them; it then expounds the principle of the monitor model and explains the methods used to implement the kernel part of the model. The model is designed to monitor SYN flood attacks in networks and to restore normal network operation by taking action immediately. The model mainly uses several technologies, including an NDIS protocol driver, network monitoring, and multithreading, to trace spoofed IP addresses that request TCP connections with other hosts and to release the resources consumed on the attacked hosts.