基于网络全局流量异常特征的DDoS攻击检测

由于分布式拒绝服务（DDoS）攻击的隐蔽性和分布式特征，提出了一种基于全局网络的DDoS检测方法。与传统检测方法只对单条链路或者受害者网络进行检测的方式不同，该方法对营运商网络中的OD流进行检测。该方法首先求得网络的流量矩阵，利用多条链路中攻击流的相关特性，使用K L变换将流量矩阵分解为正常和异常流量空间，分析异常空间流量的相关特征，从而检测出攻击。仿真结果表明该方法对DDoS攻击的检测更准确、更快速，有利于DDoS攻击的早期检测与防御。

DDoS attack detection based on global network properties of network traffic anomaly

Due to the invisibility and distributivity characteristics of Distributed Denial of Service (DDoS) attack, a new DDoS detection method based on global network was presented in this paper. Our method detects DDoS by analyzing OD traffic matrix, whereas the traditional methods detect it on single link or victim network. This method was carried out as follows: First, we need to get network traffic matrix in order to obtain the correlation character of attack traffic among multiple links. Then, traffic matrix was divided into normal space and abnormal space by K-L transformation. Finally, the correlation of abnormal space was achieved to detect DDoS attack. The simulation result shows that this proposed method is more accurate and faster than traditional methods. It is in favor of earlier detection of DDoS attack.