Method and system for UDP flood attack detection

摘要

A system and method is provided to identify UDP attacks. A processor determines a spectral density of packet timing intervals, a natural distance between the spectral density and a uniform distribution, and a non-linear amplifier applying a non-linear amplification to the natural distance to detect a denial-of-service attack. It uses the concept of traffic statistics analysis, i.e., spectral densities of arrived-packet timing intervals, calculates the KL-distance measurement and makes decision based on the output of a non-linear Gaussian amplifier, with which one can easily adjust the amplifier via selecting different parameters of mean and variance to satisfy system requirements of false-positive and false-negative UDP attack detections.