Network traffic anomalies automatic detection in DDoS attacks

IF 0.3 Q4 MATHEMATICS, INTERDISCIPLINARY APPLICATIONS
Andrey V. Orekhov, Aleksey Orekhov
DOI: 10.21638/11701/spbu10.2023.210 (https://doi.org/10.21638/11701/spbu10.2023.210)
Journal: Vestnik Sankt-Peterburgskogo Universiteta Seriya 10 Prikladnaya Matematika Informatika Protsessy Upravleniya
Volume: 43 1
Publication date: 2023-01-01
Publication type: Journal Article
Citation count: 0

Abstract

Distributed denial-of-service attacks (DDoS attacks) are intrusions into computing systems of the Internet. Their purpose is to make systems of the Internet inaccessible to users. A DDoS attack consists of sending many requests to a certain resource at the same time. As a result, the server cannot withstand the network load. In such a situation, a provider must determine the moment when the attack begins and change the traffic management strategy. Detection of the beginning of a DDoS attack is possible by using unsupervised machine learning methods and sequential statistical analysis of network activity. For this purpose, it is convenient to use mathematical models based on discrete random processes with monotonically increasing trajectories. Random functions, which represent the correspondence between generalized time and the cumulative sum of network traffic, or the correspondence between the total number of incoming packets and the cumulative sum of packets processed, change their type of growth from linear to non-linear: in the first case to parabolic or exponential, in the second case to logarithmic or arctangent. To determine the moment when the type of growth is going to change, one can use quadratic forms of approximation-estimation tests as statistical rules.
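The first case in the abstract (cumulative traffic switching from linear to parabolic growth) can be sketched as follows. This is an added example, not code from the paper: the paper's quadratic forms are not reproduced on this page, so the sketch assumes the test compares the least-squares error of a line with that of a parabola c·x² + d over a sliding window; the window size `k` and the traffic series are constructed.

```python
# Added illustration; not the paper's code. Window size k and the sample
# traffic are constructed assumptions.

def _sse(z, y):
    """Residual sum of squares of the least-squares fit y ~ a*z + b."""
    n = len(z)
    mz, my = sum(z) / n, sum(y) / n
    szz = sum((zi - mz) ** 2 for zi in z)
    syy = sum((yi - my) ** 2 for yi in y)
    szy = sum((zi - mz) * (yi - my) for zi, yi in zip(z, y))
    return syy - szy * szy / szz

def delta_sq(window):
    """SSE(line) - SSE(parabola c*x^2 + d) for one window of the cumulative sum.
    Positive: the parabola fits better, i.e. growth is no longer linear."""
    y = [v - window[0] for v in window]       # shift so the window starts at 0
    x = list(range(len(y)))
    return _sse(x, y) - _sse([xi * xi for xi in x], y)

def first_nonlinear_sample(counts, k=5):
    """Index of the first sample whose trailing k-point window of the
    cumulative traffic sum is better fitted by a parabola, else None."""
    cumulative, total = [], 0
    for c in counts:
        total += c
        cumulative.append(total)
    for i in range(k - 1, len(cumulative)):
        if delta_sq(cumulative[i - k + 1:i + 1]) > 0:
            return i
    return None

# Constructed packets-per-second series: 20 s of steady load with small
# jitter, then a ramp starting at t = 20.
BASELINE = [100, 103, 98, 101, 99] * 4
ATTACK = BASELINE + [100 + 80 * (t - 19) for t in range(20, 30)]

if __name__ == "__main__":
    print("steady traffic:", first_nonlinear_sample(BASELINE))
    print("ramping traffic:", first_nonlinear_sample(ATTACK))
```

The statistic marks the moment of change only: once the ramp fills the whole window at a high rate, the window looks locally linear again and the sign flips back. A monitor built on it should latch on the first positive value rather than re-evaluate the alert on every sample.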
Source journal
CiteScore: 1.30
Self-citation rate: 50.00%
Articles published: 10
Journal description: The journal is the prime outlet for the findings of scientists from the Faculty of Applied Mathematics and Control Processes of St. Petersburg State University. It publishes original contributions in all areas of applied mathematics, computer science and control. Vestnik St. Petersburg University: Applied Mathematics. Computer Science. Control Processes features articles that cover the major areas of applied mathematics, computer science and control.