DDoS attacks defence strategies based on nonparametric CUSUM algorithm

Changhong Yan¹, Qin Dong², Hong Wang³ 

¹School of Information Engineering, Yancheng Institute of Technology, No.9 XiWang Avenue Road, Yancheng, China

²School of Information Engineering, Yancheng Institute of Technology, No.9 XiWang Avenue Road, Yancheng, China

³YanCheng junior high school, No.199 The liberation of south Road, Yancheng, China

In the Internet network attacks, distributed denial of service (DDoS) has aroused world attention because of its destructive power. It seems particularly difficult to defend against DDoS attacks for they have characteristics such as abrupt attacks, attacking host computer in a very wide distribution, and so on. To guard against network security and defend distributed denial of service attacks (DDoS), research should begin from the detection of DDos attacks. On the basis of deep research of DDoS attacks, the thesis summarizes and analyses the mechanism and principles of intrusion detection firstly. This paper starts with the analysis of the principle of DDoS attacks. Followed by inquiry and analysis of data packet of DDoS attacks detection, the thesis gives out the computation method for detecting DDos attacks based on Flow Connection density and presents a defending model against DDos attacks based on the temporal series of Flow Connection Condensity (Density). With the defending module based on the temporal series of Flow Connection Condensity (Density), data packet can be effectively filtered so that DDos attacks can be effectively defended and prevented. Finally, experiments prove that the module can effectively filter data packet from network.