Abstract: Aiming at the low detecting accuracy, high training complexity and poor adaptability in DDoS attacks detection methods, a new DDoS attack model based on fast fractional Fourier transform is proposed. It utilizes the principle that DDoS attacks would impact the self-similarity of the traffic, then detects DDoS attacks by monitoring the change range of the Hurst parameter. In DARPA2000 dataset and TFN2K attacks traffic under different intensity, this paper compares the new algorithm with wavelet method and etc. The experimental results reveal that the method has lower compute complexity and better detecting accuracy.

Key words: distributed denial of service, fast fractional Fourier transform, self-similarity, Hurst parameter

摘要： 针对传统检测方法存在精度低、训练复杂度高、适应性差的问题，提出了基于快速分数阶Fourier变换估计Hurst指数的DDoS攻击检测方法。利用DDoS攻击对网络流量自相似性的影响，通过监测Hurst指数变化阈值判断是否存在DDoS攻击。在DARPA2000数据集和不同强度TFN2K攻击流量数据集上进行了DDoS攻击检测实验，实验结果表明，基于FFrFT的DDoS攻击检测方法有效，相比于常用的小波方法，该方法计算复杂度低，实现简单，Hurst指数估计精度更高，能够检测强度较弱的DDoS攻击，可有效降低漏报、误报率。

关键词: 分布式拒绝服务, 快速分数阶Fourier变换, 自相似性, Hurst指数