Device and method for defending prepositioned reconfigurable DDoS (distributed denial of service) attack

2011 
The invention relates to a device and method for defending prepositioned reconfigurable DDoS (distributed denial of service) attack. The device comprises an access module, which is connected to an external network and receives the dataflow from the network. The access module is connected to both a detection module and a processing module. The detection module is connected to a control module, and the control module is connected to the output port of a TCP (transmission control protocol) state monitoring module. The input port of the TCP state monitoring module receives the state information of an IP (internet protocol) protocol stack processing element; the TCP state monitoring module monitors the state of the IP protocol stack in order to judge whether a DDoS attack is occurring and to determine the degree of the attack. The processing module is connected to both the control module and the access module; its output port sends processed packets to the IP protocol stack, and it carries out the DDoS defending functions at the various levels according to instructions from the control module. Corresponding detecting and defending strategies are configured according to the classification of the DDoS attack, thereby realizing accurate and efficient defense.