|
This article is cited in 5 scientific papers (total in 5 papers)
COMPUTER SCIENCE
Detecting DDoS attacks by analyzing the dynamics and interrelation of network traffic characteristics
A. E. Krasnov, E. N. Nadezhdin, D. N. Nikol'skii, D. S. Repin, V. S. Galyaev State Institute
of Information Technologies and Telecommunications, ul. Chasovaya, 21B, Moscow, 125315, Russia
Abstract:
This paper presents an improved approach previously developed by the authors for detection of DDoS attacks. It uses traffic evolution and dynamical operators, which makes it possible to take into consideration interrelations observed for data packets headers of traffic. It is assumed that each traffic state (normal state and anomalous attacked states) can be described by unique temporal patterns of characteristics generated by unknown linear dynamical operators. Interrelations between values of network traffic characteristics in different discrete time samples are determined by the evolution operator. The approach was applied for classification of three traffic states: normal and two abnormal (HTTP flood and SlowLoris DDoS attacks). The results prove that it is possible to distinguish normal and abnormal traffic states by hash functions of address and load fields of traffic data packets.
Keywords:
network traffic, DDoS attack, detection, dynamical operator, evolution operator, hash function, classification.
Received: 15.06.2018
Citation:
A. E. Krasnov, E. N. Nadezhdin, D. N. Nikol'skii, D. S. Repin, V. S. Galyaev, “Detecting DDoS attacks by analyzing the dynamics and interrelation of network traffic characteristics”, Vestn. Udmurtsk. Univ. Mat. Mekh. Komp. Nauki, 28:3 (2018), 407–418
Linking options:
https://www.mathnet.ru/eng/vuu647 https://www.mathnet.ru/eng/vuu/v28/i3/p407
|
Statistics & downloads: |
Abstract page: | 378 | Full-text PDF : | 202 | References: | 50 |
|