本文通过对网络流量统计的分析,提出了一种基于滑动平均滤波器的DDoS 攻击检测 方法。该方法不同于以往单一根据网络流量的突变或根据攻击对流量分布的影响来分析 DDOS 攻击的方法,而是通过运用滑动平均滤波技术将两者综合考虑。该方法即适合引起网络流量突变的攻击,又适合发现大流量背景下攻击流量并没有引起整个网络流量显著变化的攻击。因此适合于各种规模的网络流量的异常检测。另外,详细给出了对检测成功率和误报率起着至关重要作用的阀值范围。 关键字:滑动平均滤波器;分布式拒绝服务攻击;检测率;误报率 【Abstract】In this paper we proposes a DDoS intrusion detection method based improved slip average fliter through analyzing statistical characteristics of network traffic. Our method is different from not noly that based on burst net flow singly but also that based on impact of the traffic distribution singly. We consider both of them. So it can find out the DDos attack both which can burst net flow and which does not arouse the quick changes of network traffic against the large scale network traffic. In addition ,we also give out arrange of threshold value which is very important to helping us to get high identification probability and low false alarm probability. 【Keywords】slip average filter ,distributed denial of service, identification probability, false alarm probability