Detecting DDoS attacks by analyzing the dynamics and interrelation of network traffic characteristics

Cited by: 1
Authors
Krasnov, A. E. [1]
Nadezhdin, E. N. [1]
Nikol'skii, D. N. [2]
Repin, D. S. [3]
Galyaev, V. S. [1]
Affiliations
[1] State Inst Informat Technol & Telecommun, Ul Chasovaya 21B, Moscow 125315, Russia
[2] State Inst Informat Technol & Telecommun, Phys & Math, Ul Chasovaya 21B, Moscow 125315, Russia
[3] State Inst Informat Technol & Telecommun, Engn, Bryusov Per 21,Bld 2, Moscow 125009, Russia
Keywords
network traffic; DDoS attack; detection; dynamical operator; evolution operator; hash function; classification;
DOI
10.20537/vm180310
Chinese Library Classification (CLC) number
O1 [Mathematics];
Subject classification code
0701 ; 070101 ;
Abstract
This paper presents an improved version of an approach previously developed by the authors for detecting DDoS attacks. It uses traffic evolution and dynamical operators, which makes it possible to take into account the interrelations observed among the headers of traffic data packets. It is assumed that each traffic state (the normal state and the anomalous, attacked states) can be described by unique temporal patterns of characteristics generated by unknown linear dynamical operators. Interrelations between the values of network traffic characteristics at different discrete time samples are determined by the evolution operator. The approach was applied to the classification of three traffic states: normal and two abnormal (HTTP flood and SlowLoris DDoS attacks). The results prove that it is possible to distinguish normal and abnormal traffic states by hash functions of the address and load fields of traffic data packets.
Pages: 407-418
Number of pages: 12