Network traffic anomalies automatic detection in DDoS attacks
Vestnik Sankt-Peterburgskogo universiteta. Prikladnaâ matematika, informatika, processy upravleniâ, Volume 19 (2023) no. 2, pp. 251-263. This article was harvested from the source Math-Net.Ru.

Distributed denial-of-service (DDoS) attacks are intrusions into computing systems on the Internet whose purpose is to make those systems inaccessible to users. A DDoS attack consists of sending many requests to a certain resource at the same time; as a result, the server cannot withstand the network load. In such a situation, a provider must determine the moment when the attack begins and change the traffic management strategy. Detection of the beginning of a DDoS attack is possible by using unsupervised machine learning methods and sequential statistical analysis of network activity. For this, it is convenient to use mathematical models based on discrete random processes with monotonically increasing trajectories. Random functions that represent the correspondence between generalized time and the cumulative sum of network traffic, or the correspondence between the total number of incoming packets and the cumulative sum of packets processed, change their type of increase from linear to non-linear: in the first case to parabolic or exponential, in the second case to logarithmic or arctangent. To determine the moment when the type of increase is about to change, one can use quadratic forms of approximation-estimation tests as statistical rules.
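As an added illustration (not code from the paper, and not a reproduction of the authors' approximation-estimation tests), the following Python sketch applies the idea in the abstract to the first correspondence, generalized time versus the cumulative sum of incoming packets: over a trailing window it fits a line and a parabola by least squares and raises an alarm at the first step where the parabola explains the cumulative sum markedly better than the line. The window length, the decision ratio, the residual floor and the constructed traffic sample are all assumptions of this example.

```python
# Added example: change-of-growth detector for a cumulative traffic series.
# It is NOT the paper's statistic; the decision rule below (relative drop in the
# residual sum of squares when a parabola replaces a line) is a simplification
# chosen for illustration.
from typing import List, Optional, Sequence


def _solve(a: List[List[float]], b: List[float]) -> List[float]:
    """Solve a small dense linear system by Gauss-Jordan elimination with pivoting."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        for r in range(n):
            if r != col:
                f = m[r][col] / m[col][col]
                for c in range(col, n + 1):
                    m[r][c] -= f * m[col][c]
    return [m[i][n] / m[i][i] for i in range(n)]


def polyfit_rss(xs: Sequence[float], ys: Sequence[float], degree: int) -> float:
    """Least-squares polynomial fit of the given degree (normal equations);
    returns the residual sum of squares of that fit."""
    k = degree + 1
    a = [[sum(x ** (i + j) for x in xs) for j in range(k)] for i in range(k)]
    b = [sum(y * x ** i for x, y in zip(xs, ys)) for i in range(k)]
    coef = _solve(a, b)
    return sum((y - sum(c * x ** i for i, c in enumerate(coef))) ** 2
               for x, y in zip(xs, ys))


def detect_growth_change(counts: Sequence[int], window: int = 20,
                         ratio: float = 0.5, floor: float = 1e-6) -> Optional[int]:
    """Return the first step at which the trailing window of the cumulative
    packet count is fit markedly better by a parabola than by a line
    (the linear-to-parabolic change described in the abstract), else None.

    counts: packets observed per unit of generalized time (constructed input).
    ratio:  required relative drop of the residual sum of squares; an assumed
            threshold that would need calibration on real traffic.
    floor:  residual level below which the window is treated as exactly linear
            (guards against floating-point noise on perfectly steady traffic).
    """
    cum = 0
    series: List[int] = []
    # Centred abscissae keep the normal equations well conditioned.
    xs = [i - (window - 1) / 2 for i in range(window)]
    for t, c in enumerate(counts):
        cum += c
        series.append(cum)
        if len(series) < window:
            continue
        ys = series[-window:]
        rss_lin = polyfit_rss(xs, ys, 1)
        if rss_lin < floor:
            continue
        rss_quad = polyfit_rss(xs, ys, 2)
        if (rss_lin - rss_quad) / rss_lin > ratio:
            return t
    return None


# Constructed sample: a steady 10 packets per step, then from step 60 a flood
# whose rate grows by 5 packets per step, so the cumulative sum turns parabolic.
SAMPLE_COUNTS = [10 + 5 * max(0, t - 59) for t in range(100)]


def demo() -> Optional[int]:
    """Run the detector on the constructed sample and return the alarm step."""
    return detect_growth_change(SAMPLE_COUNTS)


if __name__ == "__main__":
    print("alarm at step", demo())
```

On the constructed sample the alarm fires once the window is dominated by the flood phase (between step 60 and step 79 for a window of 20), which is the kind of signal a provider would use to switch traffic management strategy; on real traffic the window, ratio and floor have to be tuned against the normal fluctuation of the cumulative sum, which this sample deliberately leaves out.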
Keywords: traffic strategy, DDoS attack, unsupervised machine learning, sequential statistical analysis, least squares method, Markov moment.
@article{VSPUI_2023_19_2_a9,
     author = {A. V. Orekhov and A. A. Orekhov},
     title = {Network traffic anomalies automatic detection in {DDoS} attacks},
     journal = {Vestnik Sankt-Peterburgskogo universiteta. Prikladna\^a matematika, informatika, processy upravleni\^a},
     pages = {251--263},
     year = {2023},
     volume = {19},
     number = {2},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/VSPUI_2023_19_2_a9/}
}
TY  - JOUR
AU  - A. V. Orekhov
AU  - A. A. Orekhov
TI  - Network traffic anomalies automatic detection in DDoS attacks
JO  - Vestnik Sankt-Peterburgskogo universiteta. Prikladnaâ matematika, informatika, processy upravleniâ
PY  - 2023
SP  - 251
EP  - 263
VL  - 19
IS  - 2
UR  - http://geodesic.mathdoc.fr/item/VSPUI_2023_19_2_a9/
LA  - ru
ID  - VSPUI_2023_19_2_a9
ER  - 
%0 Journal Article
%A A. V. Orekhov
%A A. A. Orekhov
%T Network traffic anomalies automatic detection in DDoS attacks
%J Vestnik Sankt-Peterburgskogo universiteta. Prikladnaâ matematika, informatika, processy upravleniâ
%D 2023
%P 251-263
%V 19
%N 2
%U http://geodesic.mathdoc.fr/item/VSPUI_2023_19_2_a9/
%G ru
%F VSPUI_2023_19_2_a9
A. V. Orekhov; A. A. Orekhov. Network traffic anomalies automatic detection in DDoS attacks. Vestnik Sankt-Peterburgskogo universiteta. Prikladnaâ matematika, informatika, processy upravleniâ, Tome 19 (2023) no. 2, pp. 251-263. http://geodesic.mathdoc.fr/item/VSPUI_2023_19_2_a9/
