Abstract: According to the features of net data current rule and the changing compared with ordinary circumstances when DDoS attacks, this paper proposes that the changing function of statistical rule can be gained by CUSUM method of sequential detection to inspect the relavant changing point. It proves that the CUSUM method without parameter is a simple and effective intrusion detection system of little calculation needing no complex parameter. By this method, DDoS attack can be analyzed immediately and detection function can be improved.

Key words: sequential detection, IP spoofing, CUSUM method

摘要： 针对DDoS攻击时的网络数据流分布规律发生变化的特点，提出利用序列检测的CUSUM方法来实时检测相关的变化点，得到DDoS攻击时统计规律的变化函数。经过实验证明，无参数的CUSUM方法是一种计算量小、无需设定复杂的参数、可对DDoS攻击进行实时分析，在较少的计算量下提高检测性能，是一种简单有效的入侵检测方法。

关键词: 序列检测, IP伪造, CUSUM方法

CLC Number: 

• TP393.08