Detecting DDoS attacks by analyzing the dynamics and interrelation of network traffic characteristics
Vestnik Udmurtskogo universiteta. Matematika, mehanika, kompʹûternye nauki, Volume 28 (2018) no. 3, pp. 407-418

See the article record from the source Math-Net.Ru

This paper presents an improved version of an approach previously developed by the authors for detecting DDoS attacks. It uses traffic evolution and dynamical operators, which makes it possible to take into account the interrelations observed in the headers of traffic data packets. It is assumed that each traffic state (the normal state and the anomalous, attacked states) can be described by unique temporal patterns of characteristics generated by unknown linear dynamical operators. Interrelations between the values of network traffic characteristics at different discrete time samples are determined by the evolution operator. The approach was applied to the classification of three traffic states: normal and two abnormal (HTTP flood and SlowLoris DDoS attacks). The results prove that it is possible to distinguish normal and abnormal traffic states by hash functions of the address and load fields of traffic data packets.
Keywords: network traffic, DDoS attack, detection, dynamical operator, evolution operator, hash function
Keywords: classification.
@article{VUU_2018_28_3_a9,
     author = {A. E. Krasnov and E. N. Nadezhdin and D. N. Nikol'skii and D. S. Repin and V. S. Galyaev},
     title = {Detecting {DDoS} attacks by analyzing the dynamics and interrelation of network traffic characteristics},
     journal = {Vestnik Udmurtskogo universiteta. Matematika, mehanika, kompʹ\^uternye nauki},
     pages = {407--418},
     publisher = {mathdoc},
     volume = {28},
     number = {3},
     year = {2018},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/VUU_2018_28_3_a9/}
}
A. E. Krasnov; E. N. Nadezhdin; D. N. Nikol'skii; D. S. Repin; V. S. Galyaev. Detecting DDoS attacks by analyzing the dynamics and interrelation of network traffic characteristics. Vestnik Udmurtskogo universiteta. Matematika, mehanika, kompʹûternye nauki, Volume 28 (2018) no. 3, pp. 407-418. http://geodesic.mathdoc.fr/item/VUU_2018_28_3_a9/