Vol.38 No.10

Journal of Xi'an Jiaotong University

Oct.2004

Detection of Distributed Denial of Service Attacks Based on Flow Connection Density
Sun Qindong, Zhang Deyun, Sun Zhaohui, Zhang Xiao
(School of Electronics and Information Engineering, Xi'an Jiaotong University, Xi'an 710049, China)
Abstract: The features of distributed denial of service (DDoS) attacks are analyzed. The concept of flow connection density (FCD), which reflects the variation in network flow caused by DDoS attacks, is defined, and the FCD time series is proved to be non-stationary. A new method to detect DDoS attacks is proposed: an adaptive autoregression model is fitted to the FCD time series to transform it into a vector sequence in multi-dimensional space, and DDoS attacks are identified using a K-nearest neighbor classifier trained on samples. The experimental results and analysis show that the developed approach can detect DDoS attacks effectively, and the error detection rate is lower than 4.3%. The approach can also deal with new flow information and detect DDoS attacks online.
Keywords: distributed denial of service; adaptive autoregression; K-nearest neighbor
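
The pipeline the abstract outlines (adaptive AR fit of a time series, the coefficient vector as a point in feature space, a K-nearest neighbor vote) is shown below as an added example; it is not the authors' code. Assumptions: recursive least squares with a forgetting factor as the adaptive estimator, AR order 2, k = 3, and constructed AR processes standing in for measured FCD series, since this page does not give the FCD formula.

```python
import math
import random

def adaptive_ar(series, order=2, lam=0.995):
    """Recursive least squares with forgetting factor lam; returns AR weights."""
    w = [0.0] * order
    # Large initial P = weak prior, so early samples dominate quickly.
    P = [[1e3 if i == j else 0.0 for j in range(order)] for i in range(order)]
    for t in range(order, len(series)):
        x = [series[t - 1 - i] for i in range(order)]        # lagged samples
        Px = [sum(P[i][j] * x[j] for j in range(order)) for i in range(order)]
        denom = lam + sum(x[i] * Px[i] for i in range(order))
        gain = [v / denom for v in Px]
        err = series[t] - sum(w[i] * x[i] for i in range(order))
        w = [w[i] + gain[i] * err for i in range(order)]
        P = [[(P[i][j] - gain[i] * Px[j]) / lam for j in range(order)]
             for i in range(order)]
    return w

def knn_classify(point, training, k=3):
    """Majority label among the k nearest training vectors (Euclidean)."""
    nearest = sorted(training, key=lambda s: math.dist(point, s[0]))[:k]
    labels = [label for _, label in nearest]
    return max(set(labels), key=labels.count)

# Constructed dynamics (assumed, not from the paper): weakly correlated
# fluctuation for normal traffic, strongly persistent build-up for a flood.
NORMAL, ATTACK = (0.2, 0.0), (1.2, -0.3)

def synth_series(coeffs, n, rng):
    """Zero-mean AR(2) process used as a stand-in for an FCD series."""
    xs = [0.0, 0.0]
    for _ in range(n):
        xs.append(coeffs[0] * xs[-1] + coeffs[1] * xs[-2] + rng.gauss(0, 1))
    return xs[2:]

def demo(seed=7, per_class=5, n=400):
    """Train on labelled windows, then classify one fresh window per class."""
    rng = random.Random(seed)
    training = [(adaptive_ar(synth_series(c, n, rng)), label)
                for label, c in (("normal", NORMAL), ("ddos", ATTACK))
                for _ in range(per_class)]
    return [(label, knn_classify(adaptive_ar(synth_series(c, n, rng)), training))
            for label, c in (("normal", NORMAL), ("ddos", ATTACK))]

if __name__ == "__main__":
    print(demo())   # list of (true label, predicted label) pairs
```

With measured data, each window would be mean-removed before fitting, and the forgetting factor sets how quickly the coefficients track a change in the series.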