%0 Journal Article
%T DDoS attack detection using three-state model based on IP flow interaction<br>基于流交互三态模型的DDoS攻击检测*
%A CHEN Xue-gang
%A CHENG Jie-ren
%A <br>陈雪刚
%A 程杰仁
%J 计算机应用研究
%D 2012
%I 
%X Aiming at lack using traditional methods in DDoS detection, this paper proposed a novel IP flow interaction behavior feature (IFF) algorithm based on IP flow interaction via IP addresses and ports. It defined the network flow states into three states as the health state, quasi health state, and abnormal state by using IFF, then presented a simple and efficient DDoS attack detection method based on three-state partition of IFF, and the proposed algorithm exploited self-adapting dual threshold and alarm evaluation mechanism(DASA), and it could increase accuracy of DDoS attack detection. The simulation results show that the method not only can effectively detect abnormal flows containing DDoS attack flow, but also detect it more accuracy and lower false alarm rate.
%K distributed denial of service
%K IP flow interaction
%K alarm evaluation mechanism
%K three-state model<br>分布式拒绝服务
%K IP流交互
%K 报警评估机制
%K 三态模型
%U http://www.alljournals.cn/get_abstract_url.aspx?pcid=5B3AB970F71A803DEACDC0559115BFCF0A068CD97DD29835&cid=8240383F08CE46C8B05036380D75B607&jid=A9D9BE08CDC44144BE8B5685705D3AED&aid=DD72437537278C17541F0C40725B5644&yid=99E9153A83D4CB11&vid=771469D9D58C34FF&iid=E158A972A605785F&sid=B93F010195432A97&eid=477F4C97C1F396EF&journal_id=1001-3695&journal_name=计算机应用研究&referenced_num=0&reference_num=14