A. E. Krasnov, E. N. Nadezhdin, D. N. Nikol'skii, D. S. Repin, V. S. Galyaev, “Detecting DDoS attacks by analyzing the dynamics and interrelation of network traffic characteristics”, Vestn. Udmurtsk. Univ. Mat. Mekh. Komp. Nauki, 28:3 (2018), 407

Vestnik Udmurtskogo Universiteta. Matematika. Mekhanika. Komp'yuternye Nauki

RUS ENG

JOURNALS PEOPLE ORGANISATIONS CONFERENCES SEMINARS VIDEO LIBRARY PACKAGE AMSBIB

JavaScript is disabled in your browser. Please switch it on to enable full functionality of the website

	General information
	Latest issue
	Archive
	Impact factor

	Search papers
	Search references

	RSS
	Latest issue
	Current issues
	Archive issues
	What is RSS

Vestn. Udmurtsk. Univ. Mat. Mekh. Komp. Nauki:
Year:
Volume:
Issue:
Page:
	Find

Personal entry:
Login:
Password:
	Save password
	Enter
	Forgotten password?
	Register

Vestnik Udmurtskogo Universiteta. Matematika. Mekhanika. Komp'yuternye Nauki, 2018, Volume 28, Issue 3, Pages 407–418
DOI: https://doi.org/10.20537/vm180310 (Mi vuu647)

This article is cited in 5 scientific papers (total in 5 papers)

COMPUTER SCIENCE

Detecting DDoS attacks by analyzing the dynamics and interrelation of network traffic characteristics

A. E. Krasnov, E. N. Nadezhdin, D. N. Nikol'skii, D. S. Repin, V. S. Galyaev

State Institute of Information Technologies and Telecommunications, ul. Chasovaya, 21B, Moscow, 125315, Russia

Full-text PDF (239 kB) Citations (5)

References:

PDF

HTML

DOI: https://doi.org/10.20537/vm180310

Abstract: This paper presents an improved approach previously developed by the authors for detection of DDoS attacks. It uses traffic evolution and dynamical operators, which makes it possible to take into consideration interrelations observed for data packets headers of traffic. It is assumed that each traffic state (normal state and anomalous attacked states) can be described by unique temporal patterns of characteristics generated by unknown linear dynamical operators. Interrelations between values of network traffic characteristics in different discrete time samples are determined by the evolution operator. The approach was applied for classification of three traffic states: normal and two abnormal (HTTP flood and SlowLoris DDoS attacks). The results prove that it is possible to distinguish normal and abnormal traffic states by hash functions of address and load fields of traffic data packets.

Keywords: network traffic, DDoS attack, detection, dynamical operator, evolution operator, hash function, classification.

Funding agency	Grant number
Ministry of Education and Science of the Russian Federation	RFMEFI57817X0261
The work was supported by the Ministry of Education and Science of Russian Federation by lot code 2017-14-579-0002 on the topic: “The development of effective algorithms for detection network attacks based on identifying of deviations in the traffic of extremely large volumes arriving at the border routers of the data network and creating a sample of software complex for detection and prevention of information security threats aimed at denial of service”. The unique identifier of the work (project) is RFMEFI57817X0261.

Received: 15.06.2018

Bibliographic databases:

Document Type: Article

UDC: 517.28, 530.181

MSC: 90B20, 47A62

Language: Russian

Citation: A. E. Krasnov, E. N. Nadezhdin, D. N. Nikol'skii, D. S. Repin, V. S. Galyaev, “Detecting DDoS attacks by analyzing the dynamics and interrelation of network traffic characteristics”, Vestn. Udmurtsk. Univ. Mat. Mekh. Komp. Nauki, 28:3 (2018), 407–418

Citation in format AMSBIB

\Bibitem{KraNadNik18}

\by A.~E.~Krasnov, E.~N.~Nadezhdin, D.~N.~Nikol'skii, D.~S.~Repin, V.~S.~Galyaev

\paper Detecting DDoS attacks by analyzing the dynamics and interrelation of network traffic characteristics

\jour Vestn. Udmurtsk. Univ. Mat. Mekh. Komp. Nauki

\yr 2018

\vol 28

\issue 3

\pages 407--418

\mathnet{http://mi.mathnet.ru/vuu647}

\crossref{https://doi.org/10.20537/vm180310}

\elib{https://elibrary.ru/item.asp?id=35645990}

Linking options:

https://www.mathnet.ru/eng/vuu647

https://www.mathnet.ru/eng/vuu/v28/i3/p407

This publication is cited in the following 5 articles:

Citing articles in Google Scholar: Russian citations, English citations
Related articles in Google Scholar: Russian articles, English articles

Вестник Удмуртского университета. Математика. Механика. Компьютерные науки

Statistics & downloads:
Abstract page:	361
Full-text PDF :	196
References:	41

Что такое QR-код?

Registration to the website

Logotypes