The work proposes and investigates an intelligent method and algorithms for on-line assessment of the state of network elements to ensure the required quality indicators of provided communication services in corporate high-speed multiservice communication networks. The developed method and algorithms operate in a mode close to real time. One of the features of corporate multiservice communication networks is the high dynamics of changes in their state. The main task of the automated control system, which is an integral part of the corporate multiservice communication network, is to ensure the specified quality of the provided communication services to the consumer. Thus, the relevance of the research presented in the work is due to the fact that most of the management processes in corporate high-speed multiservice communication networks must be implemented in a mode close to real time with a given quality. The basis of the method for operational assessment of the state of network elements is the concept of creating and using intelligent agents. In the proposed approach, intelligent agents are created as hierarchical fuzzy situational networks, in which control solutions, in contrast to known methods based on the use of reference situations, are applied based on solving a hierarchical set of optimization problems using fuzzy mathematical programming methods. The main paradigm of their functioning is “situation -action”.
The paper suggests a method of early detection of cyber-attacks by using DDoS attacks as an example) using the method of extreme filtering in a mode close real time. The process of decomposition of the total signal (additive superposition of attacking and legitimate effects) and its decomposition using the method of extreme filtering is simulated. A profile model of a stochastic network is proposed. This allows to specify the influence of the intruder on the network using probabilistic-time characteristics. Experimental evaluation of metrics characterizing the cyber-attack is given. It is demonstrated how obtained values of metrics confirm the process of attack preparation, for instance the large-scaled telecommunication network, which includes the proposed method for early detection of attacks, has a recovery time of no more than 9 s, and the parameters of quality of service remain in an acceptable range.Keywords: DDoS; detection of cyber-attacks; extreme filtering; signal decomposition; stochastic network conversion method IntroductionFor the period from 2019 to 2024, one of the national projects in Russia was the "Digital Economy" project, the main tasks of which were to ensure information security in the transmission, processing, and storage of data [1]. This task was fully valid for modern power supply systems and grids, especially in modern conditions, where smart electronic devices and software-defined networks are embedded in energy power infrastructures [2,3].This fact confirms the relevance of information security and the need for diverse solutions in this area. References [4][5][6][7][8][9][10][11][12][13][14][15] describe the most common types of attacks, especially DDOS attacks. According to the Kaspersky Lab, in 2019 the total number of attacks and the number of smart attacks (i.e., attacks which require more thorough preparation and are directed on the most vulnerable network element) were increased. Moreover, despite a decrease in the average duration of DDOS attacks, the duration of smart attacks increased. The longest attacks that were employed lasted 509 h. The dynamics of the distribution of the total duration of attacks during the year had not changed much: those attacks that lasted no more than 4 hours dominate. At the same time, the cost of DDOS attacks was reduced due to their simple implementation [16]. However, if we take into account the fact that each year the implementation time of the longest attacks significantly increases (329 h in 2018 and 509 in 2019), the ever-increasing influence of these attacks on various organizations becomes obvious. Thus, the negative effect of attacks increases. Therefore, the issue of timely detection of such actions
Purpose: To develop a model for the evaluation and analysis of control logical channels (CC) performance quality of GSM-R radiocommunication standard. Methods: Performance process of shared control channel is presented in the form of a stochastic network with further obtaining equivalent function, average time and the function of distributing the time of information transfer in data transmission channel. Results: Mathematical model of shared CC performance process has been developed, corresponding to the algorithm of establishing connection of a mobile user with a network base station. The modeling results allow to conclude on the model adequacy and to assess the degree of various kind interference impact in a given area, including those created by violator’s jammers. The feasibility of reducing analysis time of the parameters of signals, transmitted from a mobile to base station, as well as the need to increase the noise immunity of signals for the control of entry into communication, received signal level and quality are shown. Practical significance: This model can be used to evaluate and analyze performance efficiency of control channels of GSM-R standard mobile radiocommunication real systems.
The paper proposes a method for improving the accuracy of early detection of cyber attacks with a small impact, in which the mathematical expectation is a fraction of the total, and the pulse repetition period is quite long. Early detection of attacks against telecommunication networks is based on traffic analysis using extreme filtering. The algorithm of fuzzy logic for deciding on the results of extreme filtering is suggested. The results of an experimental evaluation of the proposed method are presented. They demonstrate that the method is sensitive even with minor effects. In order to eliminate the redundancy of the analyzed parameters, it is enough to use the standard deviation and the correlation interval for decision making.
In the paper, an adaptive hybrid heuristic (behavioral) method for detecting small traffic anomalies in high-speed multiservice communication networks, which operates in real time, is proposed and investigated. The relevance of this study is determined by the fact that network security management processes in high-speed multiservice communication networks need to be implemented in a mode close to real-time mode, as well as identifying possible network security threats in the early stages of the implementation of possible network attacks. The proposed method and algorithm belong to the class of adaptive methods and algorithms with preliminary training. The average relative error in estimating the evaluated traffic parameters does not exceed 10%, which is sufficient for the implementation of operational network management tasks. Anomalies of the expectation of traffic intensity and its dispersion are identified if their valuesexceed the normal values by 15% or more, which makes it possible to detect possible network attacks in the early phases of their implementation, for example, at the stage of scanning ports and interfaces of the attacked system. The procedure for detecting anomalous traffic behavior is implemented based on the Mamdani’s method of hierarchical fuzzy logical inference. A study of the proposed method for detecting anomalous behavior of network traffic showed its high efficiency.
The article proposes an approach to ensuring the functioning of Software-Defined Networks (SDN) in cyber attack conditions based on the analytical modeling of cyber attacks using the method of topological transformation of stochastic networks. Unlike other well-known approaches, the proposed approach combines the SDN resilience assessment based on analytical modeling and the SDN state monitoring based on a neural network. The mathematical foundations of this assessment are considered, which make it possible to calculate the resilience indicators of SDN using analytical expressions. As the main indicator, it is proposed to use the correct operation coefficient for the resilience of SDN. The approach under consideration involves the development of verbal models of cyber attacks, followed by the construction of their analytical models. In order to build analytical models of cyber attacks, the method of topological transformation of stochastic networks (TTSN) is used. To obtain initial data in the simulation, the SDN simulation bench was justified and deployed in the EVE-NG (Emulated Virtual Environment Next Generation) virtual environment. The result of the simulation is the time distribution function and the average time for the cyber attack implementation. These results are then used to evaluate the SDN resilience indicators, which are found by using the Markov processes theory. In order to ensure the resilience of the SDN functioning, the article substantiates an algorithm for monitoring the state of controllers and their automatic restructuring, built on the basis of a neural network. When one is choosing a neural network, a comparative evaluation of the convolutional neural network and the LSTM neural network is carried out. The experimental results of analytical modeling and simulation are presented and their comparative evaluation is carried out, which showed that the proposed approach has a sufficiently high accuracy, completeness of the obtained solutions and it took a short time to obtain the result.
Cyberattacks against the elements of technological data transmission networks represent a rather significant threat of disrupting the management of regional electric power complexes. Therefore, evaluating the functioning quality of data transmission networks in the context of cyberattacks is an important task that helps to make the right decisions on the telecommunication support of electric power systems. The known models and methods for solving this problem have limited application areas determined by the admissible packet distribution laws. The paper proposes a new method for evaluating the quality of the functioning of data transmission networks, based on modeling the process of functioning of data transmission networks in the form of a stochastic network. The proposed method removes restrictions on the form of the initial distributions and makes the assumptions about the exponential distribution of the expected time and packet servicing in modern technological data transmission networks unnecessary. The method gives the possibility to evaluate the quality of the network functioning in the context of cyberattacks for stationary Poisson transmission and self-similar traffic, represented by Pareto and Weibul flows models. The obtained evaluation results are in good agreement with the data represented in previously published papers.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.