Fractal Analysis based Detection of DoS/LDoS Network Attacks

Barsukov, Igor S.; Бобрешов, А. М.; Riapolov, Mikhail P.

doi:10.1109/rusautocon.2019.8867618

Cited by 9 publications

(9 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The use of self-similarity and Renyi entropy can be found in [22]. Fractal analysis is closely related to self-similarity; its application to detect attacks can be found in [23]. Authors in [24] deal with a combination of fractal and recurrent functions.…”

Section: Related Workmentioning

confidence: 99%

Machine Recognition of DDoS Attacks Using Statistical Parameters

Smiesko,

Segec,

Kontsek

2023

Mathematics

View full text Add to dashboard Cite

As part of the research in the recently ended project SANET II, we were trying to create a new machine-learning system without a teacher. This system was designed to recognize DDoS attacks in real time, based on adaptation to real-time arbitrary traffic and with the ability to be embedded into the hardware implementation of network probes. The reason for considering this goal was our hands-on experience with the high-speed SANET network, which interconnects Slovak universities and high schools and also provides a connection to the Internet. Similar to any other public-facing infrastructure, it is often the target of DDoS attacks. In this article, we are extending our previous research, mainly by dealing with the use of various statistical parameters for DDoS attack detection. We tested the coefficients of Variation, Kurtosis, Skewness, Autoregression, Correlation, Hurst exponent, and Kullback–Leibler Divergence estimates on traffic captures of different types of DDoS attacks. For early machine recognition of the attack, we have proposed several detection functions that use the response of the investigated statistical parameters to the start of a DDoS attack. The proposed detection methods are easily implementable for monitoring actual IP traffic.

show abstract

Section: Related Workmentioning

confidence: 99%

Machine Recognition of DDoS Attacks Using Statistical Parameters

Smiesko,

Segec,

Kontsek

2023

Mathematics

View full text Add to dashboard Cite

show abstract

“…The research in [17] used self-similarity and Renyi entropy. The application of fractal analysis to detect attacks can be found in [18]. The authors in [19] dealt with a combination of fractal and recurrent functions.…”

Section: Related Workmentioning

confidence: 99%

One-Parameter Statistical Methods to Recognize DDoS Attacks

et al. 2022

View full text Add to dashboard Cite

Within our academic high-speed network infrastructure which is used for connecting all universities and high schools in our country to the Internet, there are thousands of cybersecurity attacks occurring every day. That is why, within our SANET II project, an effort has been made to create a self-learning system without a teacher, which would be able to quickly adapt to arbitrary traffic and recognize DDoS attacks on time, even in high-speed networks, with a potential simple implementation into a hardware probe. In the article, we deal with the Hurst and autoregression coefficients and the coefficient of variation. We test the coefficients on simulated data and on real records of attacks. For early machine recognition of the attack, we propose the so-called predicting σ-tunnel. The obtained results can lead to the investigation of other prediction methods that would improve the early recognition of an attack.

show abstract

“…These methods utilize different approaches in the process of estimation, and, as a result, the spectrum of the values can be wide. These statistical approaches are still used in the domain, e.g., R/S method [ 5 , 6 , 7 ], wavelet-method [ 8 ] and detrended fluctuation analysis [ 18 ]. In many studies, it has been proven that the wavelet-based technique gives the most reliable results [ 8 , 10 ].…”

Section: Related Workmentioning

confidence: 99%

“…Self-similarity and Long-Range Dependence (LRD) to this day are still relevant topics in the literature [ 4 , 5 , 6 ]. The analysis of these occurrences was recently applied to the attack detection domain [ 7 , 8 , 9 ]. The studies have proven that ignoring these phenomena has a negative effect on the estimation of performance measurements.…”

Section: Introductionmentioning

confidence: 99%

Long-Range Dependent Traffic Classification with Convolutional Neural Networks Based on Hurst Exponent Analysis

Filus

Domański

Domańska

et al. 2020

Entropy

View full text Add to dashboard Cite

The paper examines the ability of neural networks to classify Internet traffic data in terms of self-similarity expressed by the Hurst exponent. Fractional Gaussian noise is used for the generation of synthetic data for modeling the genuine ones. It is presented that the trained model is capable of classifying the synthetic data obtained from the Pareto distribution and the real traffic data. We present the results of training for different optimizers of the cost function and a different number of convolutional layers in the neural network.

show abstract

Fractal Analysis based Detection of DoS/LDoS Network Attacks

Cited by 9 publications

References 15 publications

Machine Recognition of DDoS Attacks Using Statistical Parameters

Machine Recognition of DDoS Attacks Using Statistical Parameters

One-Parameter Statistical Methods to Recognize DDoS Attacks

Long-Range Dependent Traffic Classification with Convolutional Neural Networks Based on Hurst Exponent Analysis

Contact Info

Product

Resources

About