Network traffic anomalies automatic detection in DDoS attacks

Authors

  • Andrey V. Orekhov St Petersburg State University, 7-9, Universitetskaya nab., St Petersburg, 199034, Russian Federation
  • Aleksey A. Orekhov Transtech, 1, pl. Konstitutsii, St. Petersburg, 196247, Russian Federation

DOI:

https://doi.org/10.21638/11701/spbu10.2023.210

Abstract

Distributed denial-of-service attacks (DDoS attacks) are intrusions into computing systems of the Internet. Their purpose is to make Internet systems inaccessible to users. A DDoS attack consists of sending many requests to a certain resource at the same time. As a result, the server cannot withstand the network load. In such a situation, a provider must determine the moment when the attack begins and change the traffic management strategy. Detection of the beginning of a DDoS attack is possible using unsupervised machine learning methods and sequential statistical analysis of network activity. For this purpose, it is convenient to use mathematical models based on discrete random processes with monotonically increasing trajectories. Random functions that represent the correspondence between generalized time and the cumulative sum of network traffic, or the correspondence between the total number of incoming packets and the cumulative sum of packets processed, change their type of growth from linear to nonlinear: in the first case to parabolic or exponential, in the second case to logarithmic or arctangent. To determine the moment when the type of growth is about to change, one can use quadratic forms of approximation-estimation tests as statistical rules.
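The detection rule sketched in the abstract, as an added example that is not the authors' code: a sliding window of the cumulative packet count is fitted by least squares with a line and with a parabola, and the drop in residual sum of squares (a quadratic form in the window values) is compared with a threshold; the last sample of the first window on which the threshold is exceeded is the stopping moment. The window length of 8 samples, the threshold of 1000, and the constructed traffic are assumptions.

```python
# Added example (not code from the paper): sliding-window approximation-
# estimation test on a cumulative packet count. The statistic is the drop in
# least-squares residual when a parabola replaces a line; window length and
# firing threshold are assumptions chosen for the constructed data below.
from typing import List, Optional, Sequence

def _solve(a: List[List[float]], b: List[float]) -> List[float]:
    """Gaussian elimination with partial pivoting for the small normal systems."""
    n = len(b)
    m = [row[:] + [bi] for row, bi in zip(a, b)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        for r in range(col + 1, n):
            f = m[r][col] / m[col][col]
            for c in range(col, n + 1):
                m[r][c] -= f * m[col][c]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        x[r] = (m[r][n] - sum(m[r][c] * x[c] for c in range(r + 1, n))) / m[r][r]
    return x

def residual_ss(y: Sequence[float], degree: int) -> float:
    """Residual sum of squares of the least-squares polynomial fit on x = 0..n-1."""
    n, k = len(y), degree + 1
    a = [[float(sum(x ** (i + j) for x in range(n))) for j in range(k)] for i in range(k)]
    b = [float(sum(y[x] * x ** i for x in range(n))) for i in range(k)]
    c = _solve(a, b)
    return sum((y[x] - sum(c[i] * x ** i for i in range(k))) ** 2 for x in range(n))

def aet_statistic(window: Sequence[float]) -> float:
    """delta_lin - delta_par: near zero while the cumulative sum grows linearly,
    large once the trend bends (a quadratic form in the window values)."""
    return residual_ss(window, 1) - residual_ss(window, 2)

def markov_moment(cumsum: Sequence[float], window: int = 8,
                  threshold: float = 1000.0) -> Optional[int]:
    """Index of the last sample of the first window on which the test fires, else None."""
    for t in range(window - 1, len(cumsum)):
        if aet_statistic(cumsum[t - window + 1:t + 1]) > threshold:
            return t
    return None

# Constructed input: 20 s of ~100 packets/s with bounded jitter, then an attack
# whose rate grows by 40 packets/s every second (assumed), so the cumsum bends.
JITTER = [2, -3, 1, -1, 3, -2, 0, 1, -2, 2, -1, 0, 3, -3, 1, -1, 2, 0, -2, 1]
RATES = [100 + e for e in JITTER] + [100 + 40 * k for k in range(1, 11)]
CUMSUM = [sum(RATES[:i + 1]) for i in range(len(RATES))]
```

On the constructed data the attack begins at sample 20 and the rule fires at sample 21, one second after the bend; the threshold trades this delay against false alarms on jitter.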

Keywords:

traffic strategy, DDoS attack, unsupervised machine learning, sequential statistical analysis, Markov moment, least squares method



Published

2023-07-27

How to Cite

Orekhov, A. V., & Orekhov, A. A. (2023). Network traffic anomalies automatic detection in DDoS attacks. Vestnik of Saint Petersburg University. Applied Mathematics. Computer Science. Control Processes, 19(2), 251–263. https://doi.org/10.21638/11701/spbu10.2023.210

Section

Computer Science