
Computer Engineering ›› 2007, Vol. 33 ›› Issue (16): 139-141. doi: 10.3969/j.issn.1000-3428.2007.16.048

• Security Technology •

DDoS Attacks Detection Algorithm Based on Flow Connection Entropy

ZHAO Ji-jun, HU Zhi-gang, ZHANG Jian

  1. (School of Information Science & Engineering, Central South University, Changsha 410083)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2007-08-20 Published: 2007-08-20

Abstract: On the basis of an analysis of the features of distributed denial of service (DDoS) attacks, this paper proposes a definition of flow connection entropy (FCE) and, by analyzing the FCE time series, uses a non-parametric CUSUM algorithm to detect DDoS attacks. The algorithm minimizes the average detection delay for a given false alarm rate. The method has a relatively good detection effect on DDoS attacks that use a fixed source IP and randomly varying destination ports. Experimental results demonstrate that the method can detect DDoS attacks promptly and with high accuracy.

Key words: DDoS attack, correlational packet, flow connection entropy (FCE), non-parametric CUSUM algorithm
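
The pipeline the abstract describes, as an added sketch that is not the paper's code: a per-window entropy series fed to a non-parametric CUSUM. The abstract gives no FCE formula, so Shannon entropy over (source IP, destination IP, destination port) tuples is an assumption, as are all function names, parameter values and the constructed traffic.

```python
import math
import random
from collections import Counter

def flow_entropy(packets):
    """Shannon entropy (bits) of one window's packets over flows.
    Assumption: a flow is the (src_ip, dst_ip, dst_port) tuple; the abstract
    does not give the paper's own FCE definition."""
    counts = Counter(packets)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def cusum_detect(series, train=10, offset=0.5, threshold=1.0):
    """Non-parametric CUSUM: y_n = max(0, y_{n-1} + x_n - mean - offset).
    mean is taken from the first `train` windows (assumed attack-free);
    `offset` keeps the drift negative in normal traffic. Returns the index
    of the first window with y_n > threshold, or None."""
    mean = sum(series[:train]) / train
    y = 0.0
    for n in range(train, len(series)):
        y = max(0.0, y + series[n] - mean - offset)
        if y > threshold:
            return n
    return None

def build_windows(n_windows=30, attack_start=20, seed=7):
    """Constructed traffic. From `attack_start` on, one fixed source sends
    to randomly varying destination ports."""
    rng = random.Random(seed)
    clients = [f"10.0.0.{i}" for i in range(1, 21)]
    windows = []
    for w in range(n_windows):
        pkts = [(rng.choice(clients), "192.0.2.10", rng.choice((80, 443, 53)))
                for _ in range(500)]
        if w >= attack_start:
            pkts += [("203.0.113.5", "192.0.2.10", rng.randrange(1024, 65536))
                     for _ in range(500)]
        windows.append(pkts)
    return windows

def run_demo():
    """Entropy series for the constructed windows and the CUSUM alarm index."""
    series = [flow_entropy(w) for w in build_windows()]
    return series, cusum_detect(series)

if __name__ == "__main__":
    series, alarm = run_demo()
    for n, h in enumerate(series):
        print(f"window {n:2d}  {h:.3f} bits" + ("  <-- alarm" if n == alarm else ""))
```

Under this assumed definition, the random destination ports turn nearly every attack packet into its own flow, so the entropy jumps by more than 2 bits and the CUSUM statistic crosses the threshold in the first attack window.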
