| With the rapid development of high speed network and technology, the production and living standards of people have been greatly improved, but network security resulted which has become a very serious social problem. The Distributed Denial of Service (DDoS) Attack is a common network attack and it is difficult to prevent. The DDoS attack usually generates huge amount of packages in a second and exhausts the resources of host and network which are attacked.Many researches show that the attack packages are generated by one or several functions. Therefore, the attack packages always share some features that the valid packages do not have. This paper introduces the concept of Behavior Distribution. When suspicious flows arrived at a server, the software calculates the difference of the Behavior Distribution among them. If the difference is lower than the threshold, it is a DDoS attack. Otherwise, it is a valid access.The NS-3 experimental results indicate that this method can distinguish the DDoS attack from the valid access effectively and control these attacks as soon as possible. |
PDF Full Text Request