Abstract: Distributed denial of service (DDoS) attacks are one of the major threats to network security today. Based on an analysis of network connection features, a DDoS attack detection model is proposed. The model exploits inherent characteristics of the early stage of a DDoS attack: it uses statistical analysis of network connection data to find the distribution of normal system behavior and to determine the DDoS attack detection threshold. Finally, the effectiveness of the detection model is validated through simulated attack experiments. The experimental results show that the model detects early DDoS attacks quickly and effectively, and that it offers some guidance for other network security detection research.
Key words:
Distributed denial of service; Statistical analysis; Attack detection
WU Qingtao, SHAO Zhiqing, QIAN Xiyuan. A Detection Model for Distributed Denial of Service Attacks Based on Network Connection Analysis[J]. Computer Engineering, 2006, 32(10): 135-136,166.