计算机应用研究 (Application Research of Computers), 2012
DDoS attack detection using three-state model based on IP flow interaction
Abstract:
To address the shortcomings of traditional DDoS detection methods, this paper proposes a novel IP flow interaction behavior feature (IFF) algorithm based on the interaction of IP flows via IP addresses and ports. Using IFF, it divides network flow states into three: the health state, the quasi-health state, and the abnormal state. It then presents a simple and efficient DDoS attack detection method based on this three-state partition of IFF. The proposed algorithm uses a self-adapting dual threshold and alarm evaluation mechanism (DASA), which can increase the accuracy of DDoS attack detection. The simulation results show that the method effectively detects abnormal flows containing DDoS attack flows, with higher accuracy and a lower false alarm rate.