Riemannian manifold on stream data: Fourier transform and entropy-based DDoS attacks detection method
Computers & Security (IF 5.6), Pub Date: 2021-07-07, DOI: 10.1016/j.cose.2021.102392
Zhen Liu, Changzhen Hu, Chun Shan

The means to achieve DDoS (distributed denial of service) attacks are becoming increasingly automated and diverse. A problem that automated attack tools cannot address, at least for now, is the inevitable repetitive or periodic nature of traffic data, which are important features for the effective detection of DDoS attacks. Some researchers have proposed to detect DDoS attacks by analyzing the frequency domain information or information entropy of network communication signals or network packets. However, they still suffer from insufficient accuracy and slow response time when dealing with large-scale attack data and multiple-packet types of attacks. Therefore, we hope to develop a detection method that can detect large-scale and multiple types of DDoS. This paper proposes a new DDoS detection method based on fast Fourier transform (FFT) and information entropy. This method (FFT and entropy-based DDoS detection method [FEDDM]) focuses on the periodicity of DDoS network traffic. First, we consider each piece of network traffic data as a network behavior. Then, we prove that the network traffic data conforms to the Riemann flow structure. We define the concept of work of stream data and treat it as a feature. The effect of stream data on the communication capacity can be considered as the work performed by the stream data on the channel. In addition, to improve the efficiency and accuracy of detection, we use the FFT coefficients and information entropy of work as features to train the neural network (NN) to detect DDoS attacks. This method is lightweight, faster, and more generally applicable. The experiment proved the advantage of this method using the latest CICDDoS2019 dataset. In the simulation, the detection accuracy of NetBIOS, SNMP, syn, and WebDDoS is more than 99.99%, which proves our method.
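
The following sketch is an added illustration, not code from the paper or from FEDDM: it extracts the two kinds of feature the abstract names, FFT-based spectral features and information entropy, from one window of a traffic time series. The paper's "work of stream data" feature is not defined on this page, so per-interval packet counts stand in for it as an assumption; the function names and both sample series are constructed for the example.

```python
import cmath
import math
from collections import Counter

def fft(x):
    """Recursive radix-2 Cooley-Tukey FFT; len(x) must be a power of two."""
    n = len(x)
    if n == 1:
        return [complex(x[0])]
    even, odd = fft(x[0::2]), fft(x[1::2])
    out = [0j] * n
    for k in range(n // 2):
        t = cmath.exp(-2j * cmath.pi * k / n) * odd[k]
        out[k], out[k + n // 2] = even[k] + t, even[k] - t
    return out

def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of the values."""
    total = len(values)
    return -sum(c / total * math.log2(c / total) for c in Counter(values).values())

def window_features(series):
    """Return (dominant_period, peak_share, entropy_bits) for one window.

    peak_share is the fraction of non-DC spectral energy in the strongest
    frequency bin; dominant_period is measured in sampling intervals."""
    n = len(series)
    if n < 2 or n & (n - 1):
        raise ValueError("window length must be a power of two >= 2")
    mean = sum(series) / n  # remove the DC component before transforming
    energy = [abs(c) ** 2 for c in fft([v - mean for v in series])[1 : n // 2 + 1]]
    total = sum(energy)
    if total == 0:  # constant window: no periodic component at all
        return None, 0.0, shannon_entropy(series)
    peak = max(range(len(energy)), key=energy.__getitem__)
    return n / (peak + 1), energy[peak] / total, shannon_entropy(series)

def lcg_series(n, seed=1):
    """Constructed aperiodic baseline: counts from a small LCG (not real traffic)."""
    out = []
    for _ in range(n):
        seed = (seed * 1103515245 + 12345) % 2**31
        out.append(20 + (seed >> 16) % 50)
    return out

# Constructed samples (assumption: packets per interval, 64 intervals each).
PERIODIC = [900 if i % 8 < 4 else 20 for i in range(64)]  # bursts repeating every 8 intervals
BASELINE = lcg_series(64)
```

Calling `window_features(PERIODIC)` and `window_features(BASELINE)` gives the per-window tuples that would be fed to a classifier; the periodic series concentrates its spectral energy in one bin and takes few distinct values, which is the regularity the abstract relies on.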


Updated: 2021-07-19