一种基于小波分析的DDoS攻击检测方法

通过对网络流量的分形特性和分布式拒绝服务（DDoS）的特点进行研究，提出了一种基于小波分析的DDoS攻击检测方法，并设计了该方法检测攻击的模型。对网络流量的分形特性进行判断，然后对具有自相似特性和多重分形特性的网络流量，分别采用基于小波分析的Hurst指数方差法和基于多窗口小波分析的Holder指数法检测DDoS攻击。通过对DARPA 2000年数据的实验表明，该方法能够有效地检测到攻击，对大流量背景攻击、低速率攻击、反射式攻击也都达到了较高的检测率，比传统方法有效。

Detecting method for DDoS attack based on wavelet analysis

On the basis of analyzing the fractal property of network traffic and the features of Distributed Denial of Service（DDoS） attacks, a method of DDoS attack detection based on wavelet analysis is presented, and the attack detection model is designed. It judges the fractal features of network traffic, then adopts a method of variance of Hurst exponent based on wavelet analysis detect attack when it is self-similar or a method of Holder exponent based on multi-window wavelet analysis detect attack when it is multi-fractal. On the DARPA/Lincoln laboratory intrusion detection evaluation data set 2000, the experimental results show that this method is effective, and detection rate is high on the big background traffic DDoS attack, low-rate DDoS attack, and reflection DDoS attack, which is better than the traditional method.