DDoS攻击防御技术综述

doi:10.11772/j.issn.1001-9081.2025040402

《计算机应用》唯一官方网站 ›› 2026, Vol. 46 ›› Issue (4): 1139-1157.DOI: 10.11772/j.issn.1001-9081.2025040402

• 网络空间安全 • 上一篇

DDoS攻击防御技术综述

何止戈¹, 刘畅², 吴俊锐¹, 罗昊然¹, 胡水松¹, 汪文勇¹()

^1.电子科技大学计算机科学与工程学院（网络空间安全学院），成都 611731
^2.清华大学计算机科学与技术系，北京 100084

收稿日期:2025-04-14 修回日期:2025-08-11 接受日期:2025-08-22 发布日期:2025-12-29 出版日期:2026-04-10
通讯作者: 汪文勇
作者简介:何止戈（1995—），男，四川广汉人，博士研究生，主要研究方向：网络安全、计算机网络、人工智能
刘畅（1992—），男，江苏扬州人，博士研究生，主要研究方向：网络安全、网络运维、人工智能
吴俊锐（1993—），男，四川安岳人，博士研究生，主要研究方向：计算机网络体系结构、网络安全
罗昊然（1999—），男，四川成都人，博士研究生，主要研究方向：网络安全、计算机网络、人工智能
胡水松（1998—），男，四川泸州人，博士研究生，主要研究方向：网络安全、计算机网络

Review of DDoS attack defense technology

Zhige HE¹, Chang LIU², Junrui WU¹, Haoran LUO¹, Shuisong HU¹, Wenyong WANG¹()

^1.School of Computer Science and Engineering （School of Cyber Security），University of Electronic Science and Technology of China，Chengdu Sichuan 611731，China
^2.Department of Computer Science and Technology，Tsinghua University，Beijing 100084，China

Received:2025-04-14 Revised:2025-08-11 Accepted:2025-08-22 Online:2025-12-29 Published:2026-04-10
Contact: Wenyong WANG
About author:HE Zhige， born in 1995， Ph. D. candidate. His research interests include network security， computer network， artificial intelligence.
LIU Chang， born in 1992， Ph. D. candidate. His research interests include network security， network operation and maintenance， artificial intelligence.
WU Junrui， born in 1993， Ph. D. candidate. His research interests include computer network architecture， network security.
LUO Haoran， born in 1999， Ph. D. candidate. His research interests include network security， computer networks， artificial intelligence.
HU Shuisong， born in 1998， Ph. D. candidate. His research interests include network security， computer networks.

摘要/Abstract

摘要：

分布式拒绝服务（DDoS）攻击作为一种破坏性极强的网络攻击方式，近年来因具有低廉的攻击成本、较高的攻击收益和较强的隐蔽性，成为网络安全领域最具威胁性和挑战性的问题之一。利用分布式控制方式，DDoS攻击将恶意流量混杂于正常网络请求中，导致传统的入侵检测系统（IDS）和防火墙等安全防护机制难以有效识别和拦截这些攻击。因此，如何高效检测并有效防御DDoS攻击成为网络安全领域的研究热点和难点。在系统性调研现有DDoS相关研究的基础上，首先，梳理DDoS攻击的分类方法，并从多个维度归纳不同类型的DDoS攻击，为更深入地理解DDoS攻击机理提供帮助；其次，分析当前DDoS攻击的发展情况，重点探讨攻击强度、攻击手段和攻击分布的发展趋势，为研究更高效的DDoS防御技术提供支持；再次，从工业和学术两个维度深入分析和评估当前DDoS攻击防御技术的现状；其中，在学术方面重点梳理基于可编程交换机和机器学习的DDoS检测与防御方法，在工业方面则对比分析DDoS防御的不同参与方所采用的防御架构，总结各类防御架构的技术特点、应用场景和存在的挑战；最后，基于当前DDoS攻击态势的综合分析，展望未来DDoS防御技术的发展方向和面临的机遇与挑战，为网络安全领域的研究者提供新的思路和方向，推动DDoS防御技术的进一步创新和发展。

关键词: 分布式拒绝服务攻击, 攻击分类, 防御方法, 可编程交换机, 机器学习

Abstract:

Distributed Denial of Service （DDoS） attacks， as a highly destructive type of cyber attacks， have become one of the most severe threats and challenges in the field of cybersecurity in recent years due to their low attack costs， high attack efficiency， and strong concealment. DDoS attacks employ a distributed control approach to mix malicious traffic with legitimate network requests， making it difficult for traditional security defense mechanisms such as Intrusion Detection System （IDS） and firewalls to identify and mitigate such attacks effectively. Consequently， the efficient detection and effective defense against DDoS attacks have become research hotspots and difficulties in the field of cybersecurity. Based on systematic survey of the existing research on DDoS attacks， the following was performed. Firstly， the classification methods of DDoS attacks were sorted out， and DDoS attacks were summed up from multiple perspectives， so as to provide a deeper understanding of DDoS attack mechanisms. Secondly， an analysis of the current development of DDoS attacks was conducted， with particular focuses on discussing the development trends in attack intensity， attack methods， and attack distribution， thereby providing support for the research on more efficient DDoS defense technologies. Thirdly， an in-depth analysis and evaluation of the status of DDoS attack defense technologies was conducted from both industrial and academic perspectives， which focused on DDoS detection and defense methods based on programmable switches and machine learning in the academic aspect， and compared and analyzed the defense architectures adopted by different participants in DDoS defense in the industrial aspect as well as summarized the technical characteristics， application scenarios， and the existing challenges of the architecture. Finally， based on a comprehensive analysis of the current DDoS attack situations， the future development directions， opportunities， and challenges of DDoS defense technology were prospected， providing new ideas and directions for researchers in the field of cybersecurity and promoting further innovation and development of DDoS defense technology.

Key words: Distributed Denial of Service (DDoS) attack, attack classification, defense method, programmable switch, machine learning

中图分类号:

TN915.08

何止戈, 刘畅, 吴俊锐, 罗昊然, 胡水松, 汪文勇. DDoS攻击防御技术综述[J]. 计算机应用, 2026, 46(4): 1139-1157.

Zhige HE, Chang LIU, Junrui WU, Haoran LUO, Shuisong HU, Wenyong WANG. Review of DDoS attack defense technology[J]. Journal of Computer Applications, 2026, 46(4): 1139-1157.

图/表 12

图1 DDoS攻击的分类

Fig. 1 Classification of DDoS attacks

表1 资源消耗型DDoS攻击的区别

Tab. 1 Differences in resource consuming DDoS attacks

消耗资源	成本	场景	复杂度	防御难度	恢复时间
计算资源	高	服务器	高	高	较长
连接资源	高	网络设备	高	高	较长
带宽资源	低	链路	低	低	较短

图2 2019—2023年DDoS月度攻击平均峰值带宽和DDoS年度攻击频次

Fig. 2 Average peak bandwidth of monthly DDoS attacks and annual DDoS attack frequency from 2019 to 2023

图3 2019—2023年网络层中不同DDoS攻击占比

Fig. 3 Proportions of different DDoS attacks in network layer from 2019 to 2023

图4 2020—2023年应用层中不同DDoS攻击占比

Fig. 4 Proportions of different DDoS attacks in application layer from 2020 to 2023

图5 2022年和2023年的DDoS攻击行业占比

Fig. 5 Proportions of DDoS attacks in different industries in 2022 and 2023

图6 2023年的DDoS攻击地域分布

Fig. 6 Proportions of DDoS attacks in different regions in 2023

图7 互联网服务提供者防御DDoS攻击的典型部署

Fig. 7 Typical defense deployments of Internet service providers against DDoS attacks

图8 云服务厂商防御DDoS攻击的典型部署

Fig. 8 Typical defense deployments of cloud service providers against DDoS attacks

图9 CDN和DDoS高防联动的防御DDoS攻击的部署

Fig. 9 CDN and DDoS high-defense linkage defense deployments against DDoS attacks

图10 CDN分发流量机制的防御DDoS攻击的部署

Fig. 10 CDN traffic distribution mechanism’s defense deployments against DDoS attacks

图11 典型的低位防御DDoS攻击的部署

Fig. 11 Typical low-position defense deployments against DDoS attacks

参考文献 101

[1]	HNAMTE V， NAJAR A A， NHUNG-NGUYEN H， et al. DDoS attack detection and mitigation using deep neural network in SDN environment［J］. Computers and Security， 2024， 138： No.103661.
[2]	CHAHAL J K， BHANDARI A， BEHAL S. DDoS attacks & defense mechanisms in SDN-enabled cloud： taxonomy， review and research challenges［J］. Computer Science Review， 2024， 53： No.100644.
[3]	GELGI M， GUAN Y， ARUNACHALA S， et al. Systematic literature review of IoT botnet DDOS attacks and evaluation of detection techniques［J］. Sensors， 2024， 24（11）： No.3571.
[4]	UDDIN R， KUMAR S A P， CHAMOLA V. Denial of service attacks in edge computing layers： taxonomy， vulnerabilities， threats and solutions［J］. Ad Hoc Networks， 2024， 152： No.103322.
[5]	WANG B， HE Y， SHUI Z， et al. Predictive optimization of DDoS attack mitigation in distributed systems using machine learning［J］. Applied and Computational Engineering， 2024， 64： 94-99.
[6]	SHARMA A K， KUMAR R. A comprehensive survey of DDoS attacks： evolution， mitigation and emerging trend［C］// Proceedings of the 3rd International Conference on Power Electronics and IoT Applications in Renewable Energy and its Control. Piscataway： IEEE， 2024： 185-188.
[7]	LI Q， HUANG H， LI R， et al. A comprehensive survey on DDoS defense systems： new trends and challenges［J］. Computer Networks， 2023， 233： No.109895.
[8]	MA J， SU W. Collaborative DDoS defense for SDN-based AIoT with autoencoder-enhanced federated learning［J］. Information Fusion， 2025， 117： No.102820.
[9]	SENDIL VADIVU D， RAJAGOPALAN N. RyuGuard — combining Ryu and machine learning for proactive DDoS defense in software-defined networks［J］. Concurrency and Computation： Practice and Experience， 2024， 36（28）： No.e8289.
[10]	SHEN S， CAI C， SHEN Y， et al. MFGD3QN： enhancing edge intelligence defense against DDoS with mean-field games and dueling double deep Q-network［J］. IEEE Internet of Things Journal， 2024， 11（13）： 23931-23945.
[11]	TIAN J， SHU Z， CHEN S， et al. Enhanced DDoS defense in SDN： double-layered strategy with blockchain integration［C］// Proceedings of the 13th International Conference on Communications， Circuits and Systems. Piscataway： IEEE， 2024： 380-384.
[12]	FALOWO O I， OZER M， LI C， et al. Evolving malware & DDoS attacks： decadal longitudinal study［J］. IEEE Access， 2024， 12： 39221-39237.
[13]	HABIB A A， IMTIAZ A， TRIPURA D， et al. Distributed denial-of-service attack detection short review： issues， challenges， and recommendations［J］. Bulletin of Electrical Engineering and Informatics， 2025， 14（1）： 438-446.
[14]	JIANG X， SHI Q， MIAO H， et al. Credible link flooding attack detection and mitigation： a blockchain-based approach［J］. IEEE Transactions on Network and Service Management， 2024， 21（3）： 3537-3554.
[15]	AL-HAIJA Q A， SALEH E， ALNABHAN M. Detecting port scan attacks using logistic regression［C］// Proceedings of the 4th International Symposium on Advanced Electrical and Communication Technologies. Piscataway： IEEE， 2021： 1-5.
[16]	KIECHL P. Simulator of distributed datasets for pulse-wave DDoS attacks［D］. Zurich： University of Zurich， 2023.
[17]	ADEDEJI K B， ABU-MAHFOUZ A M， KURIEN A M. DDoS attack and detection methods in internet-enabled networks： concept， research perspectives， and challenges［J］. Journal of Sensor and Actuator Networks， 2023， 12（4）： No.51.
[18]	PAKMEHR A， AẞMUTH A， TAHERI N， et al. DDoS attack detection techniques in IoT networks： a survey［J］. Cluster Computing， 2024， 27（10）： 14637-14668.
[19]	KUMAR S， DWIVEDI M， KUMAR M， et al. A comprehensive review of vulnerabilities and AI-enabled defense against DDoS attacks for securing cloud services［J］. Computer Science Review， 2024， 53： No.100661.
[20]	BALA B， BEHAL S. AI techniques for IoT-based DDoS attack detection： taxonomies， comprehensive review and research challenges［J］. Computer Science Review， 2024， 52： No.100631.
[21]	MA Y， LIU L， LIU Z， et al. A survey of DDoS attack and defense technologies in multiaccess edge computing［J］. IEEE Internet of Things Journal， 2025， 12（2）： 1428-1452.
[22]	WU J， PAN H， CUI P， et al. Patronum： in-network volumetric DDoS detection and mitigation with programmable switches［C］// Proceedings of the 2024 European Symposium on Research in Computer Security， LNCS 14985. Cham： Springer， 2024： 187-207.
[23]	PATTNAIK L， SATPATHY S， PAIKARAY B K， et al. DDoS analysis using machine learning： survey， issues， and future directions［J］. International Journal of Business Continuity and Risk Management， 2024， 14（1）： 57-76.
[24]	MITTAL M， KUMAR K， BEHAL S. Deep learning approaches for detecting DDoS attacks： a systematic review［J］. Soft Computing， 2023， 27（18）： 13039-13075.
[25]	QASIM S S， NSAIF S M. Advancements in time series-based detection systems for Distributed Denial-of-Service （DDoS） attacks： a comprehensive review［J］. Babylonian Journal of Networking， 2024， 2024： 9-17.
[26]	ZARGAR S T， JOSHI J， TIPPER D. A survey of defense mechanisms against Distributed Denial of Service （DDoS） flooding attacks［J］. IEEE Communications Surveys and Tutorials， 2013， 15（4）： 2046-2069.
[27]	MIRKOVIC J， REIHER P. A taxonomy of DDoS attack and DDoS defense mechanisms［J］. ACM SIGCOMM Computer Communication Review， 2004， 34（2）： 39-53.
[28]	ZHAO Z， LI Z， ZHOU Z， et al. DDoS family： a novel perspective for massive types of DDoS attacks［J］. Computers and Security， 2024， 138： No.103663.
[29]	VISHWAKARMA R， JAIN A K. A survey of DDoS attacking techniques and defence mechanisms in the IoT network［J］. Telecommunication Systems， 2020， 73（1）： 3-25.
[30]	TYMOSHCHUK D， YASNIY O， MYTNYK M， et al. Detection and classification of DDoS flooding attacks by machine learning method［C］// Proceedings of the 1st International Workshop on Bioinformatics and Applied Information Technologies. Aachen： CEUR-WS.org， 2024： 184-195.
[31]	ADHIKARI T， KHAN A K， KULE M. ProDetect： a proactive detection approach of the TCP SYN flooding attack in the SDN controller［J］. IETE Journal of Education， 2025， 66（1）： 60-71.
[32]	SBAI O， ALLAERT B， SONDI P， et al. SIP-DDoS： SIP framework for DDoS intrusion detection based on recurrent neural networks［C］// Proceedings of the 2023 International Conference on Machine Learning for Networking， LNCS 14525. Cham： Springer， 2024： 72-89.
[33]	AMRU M， KANNAN R J， GANESH E N， et al. Network intrusion detection system by applying ensemble model for smart home［J］. International Journal of Electrical and Computer Engineering， 2024， 14（3）： 3485-3494.
[34]	SHANG Y. Prevention and detection of DDOS attack in virtual cloud computing environment using Naive Bayes algorithm of machine learning［J］. Measurement： Sensors， 2024， 31： No.100991.
[35]	SINGH C， JAIN A K. A comprehensive survey on DDoS attacks detection & mitigation in SDN-IoT network［J］. e-Prime — Advances in Electrical Engineering， Electronics and Energy， 2024， 8： No.100543.
[36]	EDDY W M. SYN flood attack［M］// VAN TILBORG H C A， JAJODIA S. Encyclopedia of cryptography， security and privacy. ed 2. Cham： Springer， 2011： 1273-1274.
[37]	UMAYYA Z， NANDI A， ROY A， et al. Every Sherlock needs a Watson： practical semi-realtime attack elaboration system［C］// Proceedings of the 2024 International Conference on Network and System Security， LNCS 15564. Singapore： Springer， 2025： 277-300.
[38]	ZHANG D， ZHAO Q， WANG Y， et al. Attack-aware capability assessment method based on specific semantic search［C］// Proceedings of the 6th International Conference on Electronic Engineering and Informatics. Piscataway： IEEE， 2024： 1531-1535.
[39]	SALIM M M， RATHORE S， PARK J H. Distributed denial of service attacks and its defenses in IoT： a survey［J］. The Journal of Supercomputing， 2020， 76（7）： 5320-5363.
[40]	陈宏伟，尹小康，盖贤哲，等. 基于主被动结合的新型UDP反射放大协议识别方法［J］. 计算机科学， 2024， 51（8）： 412-419.
	CHEN H W， YIN X K， GAI X Z， et al. New type of UDP reflection amplification protocol recognition method based on active-passive combination［J］. Computer Science， 2024， 51（8）： 412-419.
[41]	RAZZANDA I M， KOPRAWI M. Implementasi IDS dan IPS terhadap serangan TCP port scanning dan ICMP flooding ［J］. The Indonesian Journal of Computer Science， 2024， 13（4）： 6549-6562.
[42]	ATTAR A EL， KHATOUN R， CHBIB F， et al. DNS flooding attack detection scheme through machine learning［C］// Proceedings of the 2024 International Wireless Communications and Mobile Computing Conference. Piscataway： IEEE， 2024： 132-137.
[43]	MING L， LEAU Y B， XIE Y. Distributed denial of service attack in HTTP/2： review on security issues and future challenges［J］. IEEE Access， 2024， 12： 33296-33308.
[44]	TRIPATHI N， HUBBALLI N. Slow rate denial of service attacks against HTTP/2 and detection［J］. Computers and Security， 2018， 72： 255-272.
[45]	KSIMI A EL， LEGHRIS C， LAFRAXO S， et al. ICMPv6-based DDoS flooding-attack detection using machine and deep learning techniques［J］. IETE Journal of Research， 2024， 70（4）： 3753-3762.
[46]	BENSAID R， LABRAOUI N， ABBA ARI A A， et al. Toward a real-time TCP SYN flood DDoS mitigation using adaptive neuro-fuzzy classifier and SDN assistance in fog computing［J］. Security and Communication Networks， 2024， 2024： No.6651584.
[47]	BAMASAG O， ALSAEEDI A， MUNSHI A， et al. Real-Time DDoS flood Attack Monitoring and Detection （RT-AMD） model for cloud computing［J］. PeerJ Computer Science， 2022， 7： No.e814.
[48]	LEE C， LEE S. Overcoming the DDoS attack vulnerability of an ISO 19847 shipboard data server［J］. Journal of Marine Science and Engineering， 2023， 11（5）： No.1000.
[49]	DAVIS J C， COGHLAN C A， SERVANT F， et al. The impact of Regular expression Denial of Service （ReDoS） in practice： an empirical study at the ecosystem scale［C］// Proceedings of the 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. New York： ACM， 2018： 246-256.
[50]	WIKRAMA K S M， FIRDAUS R， MENDROFA L Z M， et al. DDoS attack using GoldenEye， DAVOSET， and PyLoris tools［J］. Jurnal CoreIT， 2023， 9（2）： 43-52.
[51]	LUO F， LIN H， LI Z， et al. Towards automatic discovery of denial of service weaknesses in blockchain resource models［C］// Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security. New York： ACM， 2024： 1016-1030.
[52]	FONSECA E J L. Deteção de ataques HTTP/2 rapid reset — modelos machine learning［D］. Coimbra： Universidade de Coimbra， 2024.
[53]	BOGDANOSKI M， SUMINOSKI T， RISTESKI A. Analysis of the SYN flood DoS attack［J］. International Journal of Computer Network and Information Security， 2013， 5（8）： 1-11.
[54]	MOHAMMADI R， LAL C， CONTI M， et al. Software defined network-based HTTP flooding attack defender［J］. Computers and Electrical Engineering， 2022， 101： No.108019.
[55]	SHEN Z Y， SU M W， CAI Y Z， et al. Mitigating SYN flooding and UDP flooding in P4-based SDN［C］// Proceedings of the 22nd Asia-Pacific Network Operations and Management Symposium. Piscataway： IEEE， 2021： 374-377.
[56]	SHIEH C S， HO F A， HORNG M F， et al. Open-set recognition in unknown DDoS attacks detection with reciprocal points learning［J］. IEEE Access， 2024， 12： 56461-56476.
[57]	SANGODOYIN A O， AKINSOLU M O， PILLAI P， et al. Detection and classification of DDoS flooding attacks on software-defined networks： a case study for the application of machine learning［J］. IEEE Access， 2021， 9： 122495-122508.
[58]	LONE Q， KORCZYŃSKI M， GAÑÁN C， et al. SAVing the Internet： explaining the adoption of source address validation by internet service providers［EB/OL］. ［2025-08-04］..
[59]	PRASEED A， THILAGAM P S. DDoS attacks at the application layer： challenges and research perspectives for safeguarding web applications［J］. IEEE Communications Surveys and Tutorials， 2019， 21（1）： 661-685.
[60]	YUNGAICELA-NAULA N M， VARGAS-ROSALES C， PEREZ-DIAZ J A. SDN-based architecture for transport and application layer DDoS attack detection by using machine and deep learning［J］. IEEE Access， 2021， 9： 108495-108512.
[61]	CHAUHAN V， SAINI P. ICMP flood attacks： a vulnerability analysis［C］// Cyber Security： Proceedings of CSI 2015， AISC 729. Singapore： Springer， 2018： 261-268.
[62]	NAWROCKI M， KRISTOFF J， HIESGEN R， et al. SoK： a data-driven view on methods to detect reflective amplification DDoS attacks using honeypots［C］// Proceedings of the IEEE 8th European Symposium on Security and Privacy. Piscataway： IEEE， 2023： 576-591.
[63]	DASARI S， KALURI R. An effective classification of DDoS attacks in a distributed network by adopting hierarchical machine learning and hyperparameters optimization techniques［J］. IEEE Access， 2024， 12： 10834-10845.
[64]	唐梅，万武南，张仕斌，等. 基于区块链的DDoS防护研究综述［J］. 计算机应用， 2025， 45（11）： 3416-3423.
	TANG M， WAN W N， ZHANG S B， et al. Survey of DDoS protection research based on blockchain［J］. Journal of Computer Applications， 2025， 45（11）： 3416-3423.
[65]	SRIHARI RAO N， CHANDRA SEKHARAIAH K， ANANDA RAO A. A survey of Distributed Denial-of-Service （DDoS） defense techniques in ISP domains［C］// Innovations in Computer Science and Engineering： Proceedings of the Fifth ICICSE 2017， LNNS 32. Singapore： Springer， 2019： 221-230.
[66]	GUPTA B B， MISRA M， JOSHI R C. An ISP level solution to combat DDoS attacks using combined statistical based approach［J］. International Journal of Information Assurance and Security， 2008， 3（2）： 102-110.
[67]	AKELLA A， BHARAMBE A， REITER M， et al. Detecting DDoS attacks on ISP networks［EB/OL］. ［2025-08-04］..
[68]	FAKEEH K A. An overview of DDoS attacks detection and prevention in the cloud［J］. International Journal of Applied Information Systems， 2016， 11（7）： 25-34.
[69]	TIAN Y， NOGALES A F R. A survey on data integrity attacks and DDoS attacks in cloud computing［C］// Proceedings of the IEEE 13th Annual Computing and Communication Workshop and Conference. Piscataway： IEEE， 2023： 788-794.
[70]	YANG H， PAN H， MA L. A review on software defined content delivery network： a novel combination of CDN and SDN［J］. IEEE Access， 2023， 11： 43822-43843.
[71]	GILAD Y， HERZBERG A， SUDKOVITCH M， et al. CDN-on-Demand： an affordable DDoS defense via untrusted clouds［EB/OL］. ［2025-08-04］..
[72]	GUO R， LI W， LIU B， et al. CDN judo： breaking the CDN DoS protection with itself［EB/OL］. ［2025-08-04］..
[73]	SHIRSATH V A， CHANDANE M M. Beyond the basics： an in-depth analysis and multidimensional survey of programmable switch in software-defined networking［J］. International Journal of Networked and Distributed Computing， 2025， 13： No.8.
[74]	LARA A， KOLASANI A， RAMAMURTHY B. Network innovation using OpenFlow： a survey［J］. IEEE Communications Surveys and Tutorials， 2014， 16（1）： 493-512.
[75]	AVVISATI F. The measure of socio-economic status in PISA： a review and some suggested improvements［J］. Large-Scale Assessments in Education， 2020， 8（1）： No.8.
[76]	MALBOUBI M， WANG L， CHUAH C N， et al. Intelligent SDN based Traffic （de） Aggregation and Measurement Paradigm （iSTAMP）［C］// Proceedings of the 2014 IEEE Conference on Computer Communications. Piscataway： IEEE， 2014： 934-942.
[77]	SONCHACK J， AVIV A J， KELLER E， et al. TurboFlow： information rich flow record generation on commodity switches［C］// Proceedings of the 13th EuroSys Conference. New York： ACM， 2018： No.11.
[78]	ZHANG C， CAI Z， CHEN W， et al. Flow level detection and filtering of low-rate DDoS［J］. Computer Networks， 2012， 56（15）： 3417-3431.
[79]	DING D， SAVI M， SIRACUSA D. Tracking normalized network traffic entropy to detect DDoS attacks in P4［J］. IEEE Transactions on Dependable and Secure Computing， 2022， 19（6）： 4019-4031.
[80]	GUPTA A， BIRKNER R， CANINI M， et al. Network monitoring as a streaming analytics problem［C］// Proceedings of the 15th ACM Workshop on Hot Topics in Networks. New York： ACM， 2016： 106-112.
[81]	YU M， JOSE L， MIAO R. Software defined traffic measurement with OpenSketch［C］// Proceedings of the 10th USENIX Symposium on Networked Systems Design and Implementation. Berkeley： USENIX Association， 2013： 29-42.
[82]	LIU Z， MANOUSIS A， VORSANGER G， et al. One sketch to rule them all： rethinking network flow monitoring with UnivMon［C］// Proceedings of the 2016 ACM SIGCOMM Conference. New York： ACM， 2016： 101-114.
[83]	YANG T， JIANG J， LIU P， et al. Elastic sketch： adaptive and fast network-wide measurements［C］// Proceedings of the 2018 Conference of the ACM Special Interest Group on Data Communication. New York： ACM， 2018： 561-575.
[84]	YU X， XU H， YAO D， et al. CountMax： a lightweight and cooperative sketch measurement for software-defined networks［J］. IEEE/ACM Transactions on Networking， 2018， 26（6）： 2774-2786.
[85]	ZHANG Y， LIU Z， WANG R， et al. CocoSketch： high-performance sketch-based measurement over arbitrary partial key query［C］// Proceedings of the ACM SIGCOMM 2021 Conference. New York： ACM， 2021： 207-222.
[86]	HUANG Q， SHENG S， CHEN X， et al. Toward nearly-zero-error sketching via compressive sensing［C］// Proceedings of the 18th USENIX Symposium on Networked Systems Design and Implementation. Berkeley： USENIX Association， 2021： 1027-1044.
[87]	TANG L， HUANG Q， LEE P P C. SpreadSketch： toward invertible and network-wide detection of superspreaders［C］// Proceedings of the 2020 IEEE Conference on Computer Communications. Piscataway： IEEE， 2020： 1608-1617.
[88]	ZHANG M， LI G， WANG S， et al. Poseidon： mitigating volumetric DDoS attacks with programmable switches［EB/OL］. ［2025-08-04］..
[89]	ZHOU Z H. Machine learning［M］. Singapore： Springer， 2021.
[90]	LIU H， LANG B. Machine learning and deep learning methods for intrusion detection systems： a survey［J］. Applied Sciences， 2019， 9（20）： No.4396.
[91]	ALI T E， CHONG Y W， MANICKAM S. Machine learning techniques to detect a DDoS attack in SDN： a systematic review［J］. Applied Sciences， 2023， 13（5）： No.3183.
[92]	HAN X， CUI S， LIU S， et al. Network intrusion detection based on n-gram frequency and time-aware Transformer［J］. Computers and Security， 2023， 128： No.103171.
[93]	MUSTAPHA A， KHATOUN R， ZEADALLY S， et al. Detecting DDoS attacks using adversarial neural network［J］. Computers and Security， 2023， 127： No.103117.
[94]	REZAPOUR A， TZENG W G. RL-Shield： mitigating target link-flooding attacks using SDN and deep reinforcement learning routing algorithm［J］. IEEE Transactions on Dependable and Secure Computing， 2022， 19（6）： 4052-4067.
[95]	FOULADI R F， ERMIŞ O， ANARIM E. A DDoS attack detection and countermeasure scheme based on DWT and auto-encoder neural network for SDN［J］. Computer Networks， 2022， 214： No.109140.
[96]	WICHTLHUBER M， STREHLE E， KOPP D， et al. IXP scrubber： learning from blackholing traffic for ML-driven DDoS detection at scale［C］// Proceedings of the ACM SIGCOMM 2022 Conference. New York： ACM， 2022： 707-722.
[97]	YU S， ZHANG J， LIU J， et al. A cooperative DDoS attack detection scheme based on entropy and ensemble learning in SDN［J］. EURASIP Journal on Wireless Communications and Networking， 2021， 2021： No.90.
[98]	MIRSKY Y， DOITSHMAN T， ELOVICI Y， et al. Kitsune： an ensemble of autoencoders for online network intrusion detection［EB/OL］. ［2025-08-04］..
[99]	YUAN X， LI C， LI X. DeepDefense： identifying DDoS attack via deep learning［C］// Proceedings of the 2017 IEEE International Conference on Smart Computing. Piscataway： IEEE， 2017： 1-8.
[100]	JIA Y， ZHONG F， ALRAWAIS A， et al. FlowGuard： an intelligent edge defense mechanism against IoT DDoS attacks［J］. IEEE Internet of Things Journal， 2020， 7（10）： 9552-9562.
[101]	DOSHI R， APTHORPE N， FEAMSTER N. Machine learning DDoS detection for consumer internet of things devices［C］// Proceedings of the 2018 IEEE Security and Privacy Workshops. Piscataway： IEEE， 2018： 29-35.

DDoS攻击防御技术综述

Review of DDoS attack defense technology

RichHTML

PDF

可视化

摘要/Abstract

引用本文

使用本文

图/表 12

参考文献 101

相关文章 15

编辑推荐

Metrics

[1]	郗恩康, 范菁, 金亚东, 董华, 俞浩, 孙伊航. 联邦学习在隐私安全领域面临的威胁综述[J]. 《计算机应用》唯一官方网站, 2026, 46(3): 798-808.
[2]	梁永濠, 李金龙. 用于神经布尔可满足性问题求解器的新型消息传递网络[J]. 《计算机应用》唯一官方网站, 2025, 45(9): 2934-2940.
[3]	葛丽娜, 王明禹, 田蕾. 联邦学习的高效性研究综述[J]. 《计算机应用》唯一官方网站, 2025, 45(8): 2387-2398.
[4]	郭书剑, 余节约, 尹学松. 图正则化弹性网子空间聚类[J]. 《计算机应用》唯一官方网站, 2025, 45(5): 1464-1471.
[5]	朱俊屹, 常雷雷, 徐晓滨, 郝智勇, 于海跃, 姜江. 基于最小先验知识的自监督学习方法[J]. 《计算机应用》唯一官方网站, 2025, 45(4): 1035-1041.
[6]	洪梓榕, 包广清. 基于集成学习的雷达自动目标识别综述[J]. 《计算机应用》唯一官方网站, 2025, 45(2): 371-382.
[7]	唐梅, 万武南, 张仕斌, 张金全. 基于区块链的DDoS防护研究综述[J]. 《计算机应用》唯一官方网站, 2025, 45(11): 3416-3423.
[8]	尚游, 缪祥华. 面向生成式对抗网络的贝叶斯成员推理攻击[J]. 《计算机应用》唯一官方网站, 2025, 45(10): 3252-3258.
[9]	王一铭, 李世源, 廖南清, 陈庆锋. 基于证据深度学习的不确定性感知无监督医学图像配准模型[J]. 《计算机应用》唯一官方网站, 2025, 45(10): 3371-3380.
[10]	谢丽霞, 王嘉敏, 杨宏宇, 胡泽, 成翔. 基于混合特征选择的低延时DDoS攻击检测[J]. 《计算机应用》唯一官方网站, 2025, 45(10): 3231-3240.
[11]	陈学斌, 任志强, 张宏扬. 联邦学习中的安全威胁与防御措施综述[J]. 《计算机应用》唯一官方网站, 2024, 44(6): 1663-1672.
[12]	姚梓豪, 栗远明, 马自强, 李扬, 魏良根. 基于机器学习的多目标缓存侧信道攻击检测模型[J]. 《计算机应用》唯一官方网站, 2024, 44(6): 1862-1871.
[13]	佘维, 李阳, 钟李红, 孔德锋, 田钊. 基于改进实数编码遗传算法的神经网络超参数优化[J]. 《计算机应用》唯一官方网站, 2024, 44(3): 671-676.
[14]	郑毅, 廖存燚, 张天倩, 王骥, 刘守印. 面向城区的基于图去噪的小区级RSRP估计方法[J]. 《计算机应用》唯一官方网站, 2024, 44(3): 855-862.
[15]	李博, 黄建强, 黄东强, 王晓英. 基于异构平台的稀疏矩阵向量乘自适应计算优化[J]. 《计算机应用》唯一官方网站, 2024, 44(12): 3867-3875.