Vestnik Sankt-Peterburgskogo Universiteta. Seriya 10. Prikladnaya Matematika. Informatika. Protsessy Upravleniya
Vestnik Sankt-Peterburgskogo Universiteta. Seriya 10. Prikladnaya Matematika. Informatika. Protsessy Upravleniya, 2023, Volume 19, Issue 2, Pages 251–263
DOI: https://doi.org/10.21638/11701/spbu10.2023.210
(Mi vspui581)
 

Computer science

Network traffic anomalies automatic detection in DDoS attacks

A. V. Orekhov^a, A. A. Orekhov^b

a St. Petersburg State University, 7–9, Universitetskaya nab., St. Petersburg, 199034, Russian Federation
b Transtech, 1, pl. Konstitutsii, St. Petersburg, 196247, Russian Federation
Abstract: Distributed denial-of-service (DDoS) attacks are intrusions into computing systems on the Internet. Their purpose is to make those systems inaccessible to users. A DDoS attack consists of sending many requests to a certain resource at the same time. As a result, the server cannot withstand the network load. In such a situation, a provider must determine the moment when the attack begins and change the traffic management strategy. The beginning of a DDoS attack can be detected using unsupervised machine learning methods and sequential statistical analysis of network activity. For this purpose, it is convenient to use mathematical models based on discrete random processes with monotonically increasing trajectories. Random functions that represent the correspondence between generalized time and the cumulative sum of network traffic, or the correspondence between the total number of incoming packets and the cumulative sum of packets processed, change their type of increase from linear to non-linear: in the first case to parabolic or exponential, in the second case to logarithmic or arctangent. To determine the moment when the type of increase changes, one can use quadratic forms of approximation-estimation tests as statistical rules.
Keywords: traffic strategy, DDoS attack, unsupervised machine learning, sequential statistical analysis, Markov moment, least squares method.
Received: February 25, 2023
Accepted: April 25, 2023
Document Type: Article
UDC: 004.7
MSC: 68M25
Language: Russian
Citation: A. V. Orekhov, A. A. Orekhov, “Network traffic anomalies automatic detection in DDoS attacks”, Vestnik S.-Petersburg Univ. Ser. 10. Prikl. Mat. Inform. Prots. Upr., 19:2 (2023), 251–263
Citation in format AMSBIB
\Bibitem{OreOre23}
\by A.~V.~Orekhov, A.~A.~Orekhov
\paper Network traffic anomalies automatic detection in DDoS attacks
\jour Vestnik S.-Petersburg Univ. Ser. 10. Prikl. Mat. Inform. Prots. Upr.
\yr 2023
\vol 19
\issue 2
\pages 251--263
\mathnet{http://mi.mathnet.ru/vspui581}
\crossref{https://doi.org/10.21638/11701/spbu10.2023.210}
Linking options:
  • https://www.mathnet.ru/eng/vspui581
  • https://www.mathnet.ru/eng/vspui/v19/i2/p251