Network traffic anomalies automatic detection in DDoS attacks
Vestnik Sankt-Peterburgskogo universiteta. Prikladnaâ matematika, informatika, processy upravleniâ, Volume 19 (2023) no. 2, pp. 251-263
See the article record from the source Math-Net.Ru
Distributed denial-of-service attacks (DDoS attacks) are intrusions into computing systems of the Internet. Their purpose is to make systems of the Internet inaccessible to users. A DDoS attack consists of sending many requests to a certain resource at the same time. As a result, the server cannot withstand the network load. In such a situation, a provider must determine the moment when the attack begins and change the traffic management strategy. Detection of the beginning of a DDoS attack is possible by using unsupervised machine learning methods and sequential statistical analysis of network activity. For this purpose, it is convenient to use mathematical models based on discrete random processes with monotonically increasing trajectories. Random functions, which are represented by the correspondence between generalized time and the cumulative sum of network traffic, or by the correspondence between the total number of incoming packets and the cumulative sum of packets processed, change their type of increase from linear to non-linear: in the first case to parabolic or exponential, in the second case to logarithmic or arctangent. To determine the moment when the type of increase is going to change, one can use quadratic forms of approximation-estimation tests as statistical rules.
Keywords:
traffic strategy, DDoS attack, unsupervised machine learning, sequential statistical analysis, least squares method.
Keywords: Markov moment
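The abstract describes detecting the moment when the cumulative sum of traffic stops growing linearly. The sketch below is an added example, not code from the article: it assumes one simple form of such a test (difference between the least-squares errors of a line and of a parabola c*t^2 + d over a sliding window); the function names, the window size k = 6 and the sample data are constructed for illustration.

```python
"""Added example: sequential line-vs-parabola least-squares test on cumulative traffic."""
from itertools import accumulate


def rss(xs, ys):
    """Residual sum of squares of the least-squares fit y = a*x + b."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    a = sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sxx
    b = my - a * mx
    return sum((y - (a * x + b)) ** 2 for x, y in zip(xs, ys))


def delta(window):
    """RSS(line a*t + b) minus RSS(parabola c*t^2 + d) on one window.

    Positive means the parabola approximates the cumulative sum better.
    Assumed form of the statistic; the article's exact quadratic form
    is not given on this page.
    """
    t = list(range(len(window)))
    y = [v - window[0] for v in window]  # shift so the window starts at 0
    return rss(t, y) - rss([i * i for i in t], y)


def detect_onset(rates, k=6):
    """Return the first interval index at which delta > 0, or None."""
    if k < 3:
        raise ValueError("window needs at least 3 points")
    cumulative = list(accumulate(rates))
    for end in range(k - 1, len(cumulative)):
        if delta(cumulative[end - k + 1:end + 1]) > 0:
            return end
    return None


# Constructed sample: packets per interval, steady load then accelerating growth.
BASELINE = [1000, 1020, 985, 1010, 995, 1005, 990, 1015, 1000, 980, 1010, 1000]
ATTACK = [1500, 2500, 4000, 6000, 8500, 11500, 15000, 19000]

if __name__ == "__main__":
    print("baseline only:", detect_onset(BASELINE))
    print("with attack, fires at interval:", detect_onset(BASELINE + ATTACK))
```

Both fits have two free parameters, so their errors are directly comparable; the test fires only once the quadratic part of the growth dominates the linear part inside the window, which is why small jitter around a steady rate does not trigger it.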
@article{VSPUI_2023_19_2_a9,
author = {A. V. Orekhov and A. A. Orekhov},
title = {Network traffic anomalies automatic detection in {DDoS} attacks},
journal = {Vestnik Sankt-Peterburgskogo universiteta. Prikladna\^a matematika, informatika, processy upravleni\^a},
pages = {251--263},
publisher = {mathdoc},
volume = {19},
number = {2},
year = {2023},
language = {ru},
url = {http://geodesic.mathdoc.fr/item/VSPUI_2023_19_2_a9/}
}
TY - JOUR
AU - A. V. Orekhov
AU - A. A. Orekhov
TI - Network traffic anomalies automatic detection in DDoS attacks
JO - Vestnik Sankt-Peterburgskogo universiteta. Prikladnaâ matematika, informatika, processy upravleniâ
PY - 2023
SP - 251
EP - 263
VL - 19
IS - 2
PB - mathdoc
UR - http://geodesic.mathdoc.fr/item/VSPUI_2023_19_2_a9/
LA - ru
ID - VSPUI_2023_19_2_a9
ER -
%0 Journal Article
%A A. V. Orekhov
%A A. A. Orekhov
%T Network traffic anomalies automatic detection in DDoS attacks
%J Vestnik Sankt-Peterburgskogo universiteta. Prikladnaâ matematika, informatika, processy upravleniâ
%D 2023
%P 251-263
%V 19
%N 2
%I mathdoc
%U http://geodesic.mathdoc.fr/item/VSPUI_2023_19_2_a9/
%G ru
%F VSPUI_2023_19_2_a9
A. V. Orekhov; A. A. Orekhov. Network traffic anomalies automatic detection in DDoS attacks. Vestnik Sankt-Peterburgskogo universiteta. Prikladnaâ matematika, informatika, processy upravleniâ, Volume 19 (2023) no. 2, pp. 251-263. http://geodesic.mathdoc.fr/item/VSPUI_2023_19_2_a9/