This paper presents the APA-ANTI-DDoS(aggregate-based protocol analysis anti-DDoS)model to detect and defend the DDoS attack.APA-ANTI-DDoS model contains the abnormal traffic aggregate module,the protocol analysis module and the traffic processing module.The abnormal traffic aggregate module classifies the network traffic into normal traffic and the abnormal traffic;the protocol analysis module analyzes the potential features of DDoS attack traffic in the abnormal traffic;the traffic processing module filters the abnormal traffic according to the current features of DDoS attack,and resumes the non-attack traffic with the help of testing the congestion control feature of the traffic.The paper then implements the APA-ANTI-DDoS system.The experimental results show that APA-ANTI-DDoS model can primely detect and defend DDoS attack and resume the non-attack traffic at the time of miscarriage of justice to guarantee the legal communication traffic.