Abstract

Distributed denial-of-service (DDOS) attacks have been becoming one of the major threats and the hardest security problems in today's internet. However, the present DDoS attack detection techniques face a problem that they cannot distinguish flooding attacks from abrupt changes of legitimate activity. We discover that the traffic at one time is similar to that at the same time in different days under no attacks but its abrupt changes will occur under attacking. Based on this phenomenon, we propose a model for detecting DDOS attacks automatically. In order to reduce the error to identify attacks, we use discrete wavelet transform (DWT) technique. In the end, we use actual data to validate our model and obtain good results in terms of tradeoff between correct detections and false alarms.