Distribution-based DDoS attack detection and response system

The distribution-based DDoS attack detection and a corresponding apparatus. And from a specific client terminal that measures the reception time of receiving the HTTP request, receiving a HTTP request for a predetermined observation time for calculating a reception time difference between the HTTP request time information calculator to a predetermined IP, the reception of the HTTP request, calculating time for calculating the distribution of the time difference distribution unit, the time to be compared with the calculated reception time a distribution value that is stored in advance in the primary normal traffic distribution information, and generating a sum summing the largest distribution value than the normal traffic distribution information information comparison unit, compares the integrated value with a predetermined threshold value, and that the integrated value is larger than a predetermined threshold value added DDoS determination section and determines the DDoS to detect the connection of the client terminal of the IP to the DDoS attack D. when detecting a DOS attack based distribution including a barrier to block the access of the client terminal Titus Attack Detection and Response unit using distribution characteristics while minimizing the amount of computation D may correspond to a DOS attack, to perform application layer based DDoS attack detection and response algorithms to target web service is the main target of DDoS attacks there is an effect that it is possible. DDoS, distribution, HTTP, threshold.