A fast all-packets-based DDoS attack detection approach based on network graph and graph kernel
Journal of Network and Computer Applications (IF 8.7), Pub Date: 2021-04-20, DOI: 10.1016/j.jnca.2021.103079
Xinqian Liu, Jiadong Ren, Haitao He, Bing Zhang, Chen Song, Yunxue Wang

DDoS attack detection methods play a very important role in protecting computer network security. However, existing flow-based DDoS attack detection methods suffer from non-negligible time delay and do not generalize across different types of DDoS attacks at different rates. To fill this research gap, a fast all-packets-based DDoS attack detection approach (FAPDD) is proposed. FAPDD first designs a new time series network graph model that simplifies network traffic processing compared with flow-based detection. Furthermore, for the first time, a directed Weisfeiler-Lehman graph kernel is built to measure the divergence between the current network graph and the normalization network graphs. Because the new graph model and kernel measurement method are used to judge network changes, DDoS attacks of different types and rates can be detected. In addition, a dynamic threshold and a freezing mechanism are constructed to reflect changes in standard traffic and to prevent attack traffic from polluting the standard network. Finally, a number of real DDoS attack datasets are used to evaluate the effectiveness of the proposed method, as well as its overall time efficiency and detection effect. Compared with other methods, FAPDD better meets real-time requirements and achieves good detection results for different types of DDoS attacks at different attack rates.
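The pipeline the abstract outlines (per-window packet graph, directed Weisfeiler-Lehman comparison against a normal graph, dynamic threshold, freezing), as an added Python example that is not the paper's implementation. The abstract gives no formulas, so everything concrete here is an assumption: the log2 degree-bucket labels, the cosine-normalised kernel, the mean minus k standard deviations threshold, the single-window baseline, and the constructed sample traffic.

```python
from collections import Counter
from math import sqrt
from statistics import mean, pstdev

def window_graph(packets):
    """One time window of (src, dst) packets -> directed adjacency (out, in)."""
    out, inn = {}, {}
    for src, dst in packets:
        out.setdefault(src, set()).add(dst); out.setdefault(dst, set())
        inn.setdefault(dst, set()).add(src); inn.setdefault(src, set())
    return out, inn

def wl_features(packets, rounds=2):
    """Directed WL-style relabelling; in- and out-neighbours are kept apart."""
    out, inn = window_graph(packets)
    # Assumption: start from log2-bucketed (in, out) degree so small jitter keeps labels stable.
    lab = {v: (len(inn[v]).bit_length(), len(out[v]).bit_length()) for v in out}
    feats = Counter(lab.values())
    for _ in range(rounds):
        lab = {v: (lab[v], tuple(sorted({lab[u] for u in inn[v]})),
                   tuple(sorted({lab[u] for u in out[v]}))) for v in out}
        feats.update(lab.values())
    return feats

def similarity(fa, fb):
    """Normalised kernel value in [0, 1]: cosine of the two label histograms."""
    dot = sum(c * fb[k] for k, c in fa.items())
    norm = sqrt(sum(c * c for c in fa.values()) * sum(c * c for c in fb.values()))
    return dot / norm if norm else 0.0

class Detector:
    def __init__(self, k=3.0, min_std=0.05, warmup=0.5, history=20):
        self.k, self.min_std, self.warmup, self.history = k, min_std, warmup, history
        self.baseline, self.scores = None, []
    def observe(self, packets):
        feats = wl_features(packets)
        s = similarity(feats, self.baseline) if self.baseline else 1.0
        # Dynamic threshold: follows the recent benign similarity scores.
        thr = (mean(self.scores) - self.k * max(pstdev(self.scores), self.min_std)
               if len(self.scores) >= 3 else self.warmup)
        attack = s < thr
        if not attack:  # freeze: attack windows never update baseline or threshold
            self.baseline, self.scores = feats, (self.scores + [s])[-self.history:]
        return attack

def normal(n):  # constructed sample: n clients exchanging packets with one server
    return [(f"c{j}", "srv") for j in range(n)] + [("srv", f"c{j}") for j in range(n)]
def flood(n_bots):  # constructed sample: benign traffic plus one-way packets at srv
    return normal(4) + [(f"bot{i}", "srv") for i in range(n_bots)]
```

Feeding `Detector.observe` two consecutive `flood(200)` windows flags both: without the freeze, the first one would become the baseline and the second would score as normal.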




Updated: 2021-04-23