I. Introduction
The main features of an Internet network are its open environment and scalability. On one hand, these characteristics have led the growth of the Internet. On the other hand, vulnerabilities in the network have occurred simultaneously. The threat of Distributed Denial of Service (DDoS) attacks now has become a major issue in network security. Launching a DDoS attack becomes easier for DDoS attackers while the defenders have a more difficult detecting malicious network flow since the DDoS attacker now uses normal packets flow with spoofed packet information. A burden for the defenders is to process all packet information within a limited time because a DDoS attacker sends a lot of normal packets to a victim. Although there is a good monitoring scheme against DDoS attacks, it still needs relatively high computational time to identify an attack from a normal packet flow. The few current studies have focused mainly on reducing computation resources to detect a DDoS attack. This paper concentrates on designing an efficient DDoS attack detection method that can both significantly reduce computational time and increase detection accuracy.