Abstract

With the proliferation of Internet applications and network-centric services, network and system security issues are more important than before. In the past few years, cyber attacks, including distributed denial-of-service (DDoS) attacks, have a significant increase on the Internet, resulting in degraded confidence and trusts in the use of Internet. However, the present DDoS attack detection techniques face a problem that they cannot distinguish flooding attacks from abrupt changes of legitimate activity. In this paper, we give a model for detecting DDoS attacks based on network traffic feature to solve the problem above. In order to apply the model conveniently, we design its implementation algorithm. By using actual data to evaluate the algorithm, the evaluation result shows that it can identify DDoS attacks.