Detecting DDoS attacks by analyzing the dynamics and interrelation of network traffic characteristics
Vestnik Udmurtskogo universiteta. Matematika, mehanika, kompʹûternye nauki, Volume 28 (2018) no. 3, pp. 407-418. This article was harvested from the source Math-Net.Ru.


This paper presents an improved version of an approach previously developed by the authors for detecting DDoS attacks. It uses traffic evolution and dynamical operators, which makes it possible to take into account the interrelations observed for the headers of traffic data packets. It is assumed that each traffic state (the normal state and anomalous states under attack) can be described by unique temporal patterns of characteristics generated by unknown linear dynamical operators. Interrelations between the values of network traffic characteristics at different discrete time samples are determined by the evolution operator. The approach was applied to the classification of three traffic states: normal and two abnormal (HTTP flood and SlowLoris DDoS attacks). The results prove that it is possible to distinguish normal and abnormal traffic states by hash functions of the address and load fields of traffic data packets.
Keywords: network traffic, DDoS attack, detection, dynamical operator, evolution operator, hash function, classification.
@article{VUU_2018_28_3_a9,
     author = {A. E. Krasnov and E. N. Nadezhdin and D. N. Nikol'skii and D. S. Repin and V. S. Galyaev},
     title = {Detecting {DDoS} attacks by analyzing the dynamics and interrelation of network traffic characteristics},
     journal = {Vestnik Udmurtskogo universiteta. Matematika, mehanika, kompʹ\^uternye nauki},
     pages = {407--418},
     year = {2018},
     volume = {28},
     number = {3},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/VUU_2018_28_3_a9/}
}
A. E. Krasnov; E. N. Nadezhdin; D. N. Nikol'skii; D. S. Repin; V. S. Galyaev. Detecting DDoS attacks by analyzing the dynamics and interrelation of network traffic characteristics. Vestnik Udmurtskogo universiteta. Matematika, mehanika, kompʹûternye nauki, Volume 28 (2018) no. 3, pp. 407-418. http://geodesic.mathdoc.fr/item/VUU_2018_28_3_a9/
