Principal claim:

1. A system for determining an application layer-based slow Distributed Denial-of-Service (DDoS) attack, the system comprising:

a packet collecting unit to collect a packet in a network;

a packet parsing unit to extract at least one header field from the collected packet; and

a DDoS attack determining unit to generate a flow table including a plurality of entries, track and manage session information for each entry in the flow table, and determine, using an active session count for an entry, whether an application layer-based slow DDoS attack is detected, the session information for each entry including the active session count,

wherein the session information includes an established session count, the session information includes a session trial count, and the DDoS attack determining unit determines whether the application layer-based slow DDoS attack is detected based on variations in a time interval of the session trial count, the established session count, a terminated session count, and the active session count of the entry and based on a comparison of the active session count of the entry to a constant.
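The flow-table bookkeeping in the claim can be sketched as follows; this is an added illustration, not code from the patent. The flow key (source, destination, destination port), the `ACTIVE_MAX` and `INTERVAL` values, the event names and the exact decision rule are assumptions, since the claim does not specify them.

```python
from collections import defaultdict
from dataclasses import dataclass

ACTIVE_MAX = 20   # assumed constant the active session count is compared to
INTERVAL = 10     # assumed evaluation interval, in seconds
KINDS = ("trial", "established", "terminated")

@dataclass
class Entry:
    trial: int = 0         # session trial count (e.g. SYN seen)
    established: int = 0   # established session count
    terminated: int = 0    # terminated session count
    prev: tuple = (0, 0, 0, 0)   # counters at the previous interval boundary

    @property
    def active(self):      # active session count
        return self.established - self.terminated

    def deltas(self):      # variation of each counter over the last interval
        cur = (self.trial, self.established, self.terminated, self.active)
        out = tuple(c - p for c, p in zip(cur, self.prev))
        self.prev = cur
        return out

def evaluate(table, flagged, active_max):
    for key, e in table.items():
        d_trial, d_est, d_term, d_active = e.deltas()
        # Assumed rule: new sessions are still being attempted, established
        # sessions outpace terminated ones, and active exceeds the constant.
        if e.active > active_max and d_trial > 0 and d_active > 0:
            flagged.add(key)

def detect(events, interval=INTERVAL, active_max=ACTIVE_MAX):
    """events: time-ordered (ts, src, dst, dport, kind) tuples, kind in KINDS."""
    table, flagged, boundary = defaultdict(Entry), set(), None
    for ts, src, dst, dport, kind in events:
        boundary = ts + interval if boundary is None else boundary
        while ts >= boundary:            # close every interval that has elapsed
            evaluate(table, flagged, active_max)
            boundary += interval
        entry = table[(src, dst, dport)]
        setattr(entry, kind, getattr(entry, kind) + 1)
    evaluate(table, flagged, active_max)
    return flagged

# Constructed sample: one client opens sessions and holds them, one closes them.
SLOW, NORMAL, SRV = "198.51.100.7", "203.0.113.5", "192.0.2.10"
def sample_events():
    ev = []
    for t in range(12):
        ev += [(t, SLOW, SRV, 80, k) for k in ("trial", "established")] * 3
        ev += [(t, NORMAL, SRV, 80, k) for k in KINDS]
    return ev
```

In a deployment the events would be derived from the header fields extracted by the packet parsing unit; here they are supplied directly as constructed tuples.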