网络流量异常自动检测DDoS攻击

IF 0.3 Q4 MATHEMATICS, INTERDISCIPLINARY APPLICATIONS

Vestnik Sankt-Peterburgskogo Universiteta Seriya 10 Prikladnaya Matematika Informatika Protsessy Upravleniya Pub Date : 2023-01-01 DOI:10.21638/11701/spbu10.2023.210

Andrey V. Orekhov, Aleksey Orekhov

{"title":"网络流量异常自动检测DDoS攻击","authors":"Andrey V. Orekhov, Aleksey Orekhov","doi":"10.21638/11701/spbu10.2023.210","DOIUrl":null,"url":null,"abstract":"Distributed denial-of-service attacks (DDoS attacks) are intrusions into computing systems of the Internet. Their purpose is to make systems of the Internet inaccessible for users. DDoS attack consist of sending many requests to a certain resource at the same time. As a result, the server cannot withstand the network load. In such situation, a provider must determine the moment when attack begins and change the traffic management strategy. Detection of the beginning of a DDoS attack is possible by using unsupervised machine learning methods and sequential statistical analysis of network activity. To activate that, convenient to use mathematical models based on discrete random processes with monotonically increasing trajectories. Random functions, which are represented in the correspondence between generalized time and the cumulative sum of network traffic or the correspondence between the total number of incoming packets and the cumulative sum of packets processed, change their type of increasing from linear to non-linear. In the first case, to parabolic or exponential, in the second case to logarithmic or arctangent. To determine the moment when the type of increasing is going to change, one can use quadratic forms of approximation-estimation tests as statistical rules.","PeriodicalId":43738,"journal":{"name":"Vestnik Sankt-Peterburgskogo Universiteta Seriya 10 Prikladnaya Matematika Informatika Protsessy Upravleniya","volume":"43 1","pages":""},"PeriodicalIF":0.3000,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Network traffic anomalies automatic detection in DDoS attacks\",\"authors\":\"Andrey V. Orekhov, Aleksey Orekhov\",\"doi\":\"10.21638/11701/spbu10.2023.210\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Distributed denial-of-service attacks (DDoS attacks) are intrusions into computing systems of the Internet. Their purpose is to make systems of the Internet inaccessible for users. DDoS attack consist of sending many requests to a certain resource at the same time. As a result, the server cannot withstand the network load. In such situation, a provider must determine the moment when attack begins and change the traffic management strategy. Detection of the beginning of a DDoS attack is possible by using unsupervised machine learning methods and sequential statistical analysis of network activity. To activate that, convenient to use mathematical models based on discrete random processes with monotonically increasing trajectories. Random functions, which are represented in the correspondence between generalized time and the cumulative sum of network traffic or the correspondence between the total number of incoming packets and the cumulative sum of packets processed, change their type of increasing from linear to non-linear. In the first case, to parabolic or exponential, in the second case to logarithmic or arctangent. To determine the moment when the type of increasing is going to change, one can use quadratic forms of approximation-estimation tests as statistical rules.\",\"PeriodicalId\":43738,\"journal\":{\"name\":\"Vestnik Sankt-Peterburgskogo Universiteta Seriya 10 Prikladnaya Matematika Informatika Protsessy Upravleniya\",\"volume\":\"43 1\",\"pages\":\"\"},\"PeriodicalIF\":0.3000,\"publicationDate\":\"2023-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Vestnik Sankt-Peterburgskogo Universiteta Seriya 10 Prikladnaya Matematika Informatika Protsessy Upravleniya\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.21638/11701/spbu10.2023.210\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"MATHEMATICS, INTERDISCIPLINARY APPLICATIONS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Vestnik Sankt-Peterburgskogo Universiteta Seriya 10 Prikladnaya Matematika Informatika Protsessy Upravleniya","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.21638/11701/spbu10.2023.210","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"MATHEMATICS, INTERDISCIPLINARY APPLICATIONS","Score":null,"Total":0}

引用次数: 0

摘要

分布式拒绝服务攻击(DDoS)是指对互联网计算系统的入侵。它们的目的是使用户无法访问互联网系统。DDoS攻击是指同时向某一资源发送多个请求。因此，服务器无法承受网络负载。在这种情况下，提供商必须确定攻击开始的时刻并更改流量管理策略。通过使用无监督机器学习方法和对网络活动的顺序统计分析，可以检测到DDoS攻击的开始。为了激活它，使用基于具有单调递增轨迹的离散随机过程的数学模型是方便的。随机函数由广义时间与网络流量累积和的对应关系，或传入数据包总数与处理数据包累积和的对应关系，由线性增长变为非线性增长。在第一种情况下，抛物线或指数，在第二种情况下，对数或反正切。为了确定增长类型发生变化的时刻，可以使用二次形式的近似估计检验作为统计规则。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Network traffic anomalies automatic detection in DDoS attacks

Distributed denial-of-service attacks (DDoS attacks) are intrusions into computing systems of the Internet. Their purpose is to make systems of the Internet inaccessible for users. DDoS attack consist of sending many requests to a certain resource at the same time. As a result, the server cannot withstand the network load. In such situation, a provider must determine the moment when attack begins and change the traffic management strategy. Detection of the beginning of a DDoS attack is possible by using unsupervised machine learning methods and sequential statistical analysis of network activity. To activate that, convenient to use mathematical models based on discrete random processes with monotonically increasing trajectories. Random functions, which are represented in the correspondence between generalized time and the cumulative sum of network traffic or the correspondence between the total number of incoming packets and the cumulative sum of packets processed, change their type of increasing from linear to non-linear. In the first case, to parabolic or exponential, in the second case to logarithmic or arctangent. To determine the moment when the type of increasing is going to change, one can use quadratic forms of approximation-estimation tests as statistical rules.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Vestnik Sankt-Peterburgskogo Universiteta Seriya 10 Prikladnaya Matematika Informatika Protsessy Upravleniya MATHEMATICS, INTERDISCIPLINARY APPLICATIONS-

CiteScore

1.30

自引率

50.00%

发文量

期刊介绍： The journal is the prime outlet for the findings of scientists from the Faculty of applied mathematics and control processes of St. Petersburg State University. It publishes original contributions in all areas of applied mathematics, computer science and control. Vestnik St. Petersburg University: Applied Mathematics. Computer Science. Control Processes features articles that cover the major areas of applied mathematics, computer science and control.