Aiming at the shortcomings of current methods which highly depend on system logs and fail to detect attacks against FTP or DNS servers,this paper proposed a novel model named DFM-FA that based on Kalman filtering and information entropy. The DFM-FA model mapped behaviour anomaly detection to network anomaly detection, maximizing the priority of legitimate users' access. This model can also detect attacks against FTP or DNS or other servers with no need for system logs.%针对当前应用层分布式拒绝服务攻击(App-DDoS)检测方法高度依赖于系统日志,且检测攻击类型单一的问题,提出了基于卡尔曼滤波和信息熵的联合检测模型DFM-FA(detection and filtering model against App-DDoSattacks based on flow analysis),将应用层的行为异常检测映射为网络层的流量异常检测,最大限度地保证了合法用户的优先正常访问.实验证明,DFM-FA既不依赖于系统日志,同时又能检测到FTP、DNS等多种App-DDoS攻击.
展开▼
