Distributed denial-of-service (DDoS) attack presents a very serious threat to the stability and security of the Internet. It should be more efficient to detect the anomaly of network traffic firstly rather than to analyze the data packets directly. In this paper, an auto-adapted algorithm is proposed on the average value and threshold value of the network traffic which can make them to do autoadaptations followed the network environment's change. The influence on setting parameters of the failing alarm and the dynamic adjusting of alarm threshold, etc, Is investigated then. The experiment's result shows that the algorithm is effective and correct, which can Improve the accuracy of anomaly traffic detection and reduce the operating cost. So it can be directly applied to detect SYN flooding attacks and so on.

• 出版日期2008
• 单位淮阴工学院