提出了一种基于聚类的应用层DDoS攻击检测方法，该方法首先采集Web服务器端网络流量，经过数据预处理后 从中选取4个属性组成流量特征向量，后利用粒子群算法优化的K-Means聚类算法建立检测模型，并通过该模型识别攻击行 为。实验结果表明，该方法与K-Means算法建立的检测方法相比，能有效地识别应用层DDoS攻击行为，且具有较高的检测率

This paper proposes a clustering- based DDoS attack detection method for application layer. Firstly, the method collects web server network traffic, and selects four attributes to form the traffic feature vector after data preprocessing. Then, the K-means clustering algorithm optimized by particle swarm optimization is used to establish the detection model, and the attack behavior is identified through the model. Experimental results show that this method can effectively identify DDoS attacks in application layer and has higher detection rate compared with k-means algorithm.