Detecting DDoS attacks by analyzing the dynamics and interrelation of network traffic characteristics

Cited by: 1
Authors
Krasnov, A. E. [1]
Nadezhdin, E. N. [1]
Nikol'skii, D. N. [2]
Repin, D. S. [3]
Galyaev, V. S. [1]
Affiliations
[1] State Inst Informat Technol & Telecommun, Ul Chasovaya 21B, Moscow 125315, Russia
[2] State Inst Informat Technol & Telecommun, Phys & Math, Ul Chasovaya 21B, Moscow 125315, Russia
[3] State Inst Informat Technol & Telecommun, Engn, Bryusov Per 21,Bld 2, Moscow 125009, Russia
Source
VESTNIK UDMURTSKOGO UNIVERSITETA-MATEMATIKA MEKHANIKA KOMPYUTERNYE NAUKI | 2018 / Vol. 28 / No. 03
Keywords
network traffic; DDoS attack; detection; dynamical operator; evolution operator; hash function; classification;
DOI
10.20537/vm180310
Chinese Library Classification number
O1 [Mathematics];
Discipline classification code
0701 ; 070101 ;
Abstract
This paper presents an improved version of an approach previously developed by the authors for the detection of DDoS attacks. It uses traffic evolution and dynamical operators, which makes it possible to take into account the interrelations observed among the header fields of traffic data packets. It is assumed that each traffic state (the normal state and the anomalous, attacked states) can be described by unique temporal patterns of characteristics generated by unknown linear dynamical operators. Interrelations between the values of network traffic characteristics at different discrete time samples are determined by the evolution operator. The approach was applied to the classification of three traffic states: normal and two abnormal (HTTP flood and SlowLoris DDoS attacks). The results prove that it is possible to distinguish normal and abnormal traffic states by hash functions of the address and load fields of traffic data packets.
Pages: 407 / 418
Page count: 12