Sun Qindong,Zhang Deyun,Zheng Weibin,Hu Guodong
(Institute of Network,School of Electronics and Information Engineering,¡¡¡¡Xi'an Jiaotong University,Xi'an 710049,China)
Abstract:Based on the analysis of distributed denial of service £¨DDoS£© attacks,the flow connection density £¨FCD£© is defined and the characteristic of non-stationary of FCD time series is proved.A new method to detect DDoS attacks is proposed based on the time-frequency analysis of FCD.The proposed method detects DDoS attacks by transforming the time series of FCD with smooth Winger-Ville distribution,to obtain the energy distribution of the time series in two-dimensional space and suppress the effect of the quadratic cross term,and then identifying DDoS by using the K nearest neighbor classifier trained by samples.The experimental results show that the developed approach can detect DDoS attacks correctly,and identification errors mainly present to the switching stage of the network with little influence on the identification of DDoS attacks.Compared with the theoretic value,the identification error ratio is only 4.26£¥£®
Keywords:distributed denial of service;time-frequency analysis; Wigner-Ville distribution;K nearest neighbor