Skip to Main Content
With the rapid development of network, a variety of abnormal flow including the most popular DDoS attacks appear in the network, these abnormal flow greatly limit the Internet providing normal bandwidth services to the normal users. It is difficult to correctly distinguish the legitimate burst flow and the DDoS attacks by using the unilateral flow to analyze and detect the anomaly flow, so we propose a bidirectional-based DDoS detection mechanism. The detection mechanism put forward a state model which includes eight kinds of nodes by analyzing the input and output flow of the network nodes and the relationship between the input and output flow. Through the further analysis of the state model, we can distinguish the abnormal flow and the legitimate burst flow. The detection mechanism plays a timely role in early warning and prevention. The simulation results show that the bidirectional-based DDoS detection mechanism is effective and feasible.