摘要： 防御DDoS攻击是网络安全的一个重要研究领域，在该领域已有许多方法，例如：源端检测，地址跟踪，数据包分类，流量检测。但是，每种方法都有它的特点和应用局限。文章运用分级防御的思想提出了一种集成方法。“集成”的意思是指把若干体系的方法集成在一起，使其成为一个新的功能更强的防御体系。该防御系统具有可靠性高、响应速度快、对合法数据包影响小等特点。

关键词: DDoS攻击, 异常检测, 条件合法概率, 数据包打分, 分级防御

Abstract: One of the most important fields in network security is the defense against DDoS attacks, in which many methods are introduced in literature, namely DWARD, IP trace, packet classification, anomaly traffic detection. Every current method has its advantages and disadvantages. With the idea of classification defense, this paper presents an integrated scheme which has synthesized two complete defending systems against DDoS attacks. The integrated system has more powerful functions in fighting against DDoS attacks. The good performances of the new system for fighting against DDoS attacks are listed as fellow: low false alarm probability, high speed of response, slight affection to the normal traffic.

Key words: DDoS attacks, Anomaly detection, Conditional legitimate probability, Packet classification, Classification defense