A technique for early detection of cyberattacks using the traffic self-similarity property and a statistical approach

The paper discusses a technique for detecting cyberattacks on computer networks. It is based on identifying anomalies in network traffic by assessing the traffic's self-similarity and determining the impact of cyberattacks with statistical methods. The proposed technique has three stages: analysis of the self-similarity property of the reference traffic (using the Dickey-Fuller test, the rescaled range method, and detrended fluctuation analysis), analysis of the self-similarity property of the real traffic (by the same methods), and additional processing of the time series with statistical methods (moving average, Z-score, and CUSUM). The software implementation of the proposed approach and the construction of a dataset of network packets are also considered. The experimental results demonstrated the presence of self-similarity in network traffic and confirmed the high efficiency of the proposed technique, which allows cyberattacks to be detected in real or near-real time.
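As an added example (not the paper's own code), the first and third stages of the technique in Python: a rescaled-range (R/S) estimate of the Hurst exponent for a packets-per-interval series, and a Z-score CUSUM whose reference mean and deviation are taken from the reference traffic. The packet counts, the burst position, and the thresholds k=0.5 and h=10 are constructed assumptions, not values from the paper.

```python
# Added example (not the paper's code): the self-similarity stage as a
# rescaled-range (R/S) Hurst estimate of a packets-per-interval series, and the
# statistical stage as a Z-score CUSUM tuned on the reference traffic.
# All traffic samples are constructed, not captured.
import math
import random

def hurst_rs(series, min_block=8):
    """Hurst exponent by rescaled range: slope of log(R/S) against log(block size)."""
    n, log_n, log_rs = len(series), [], []
    for size in [min_block << i for i in range(int(math.log2(n // min_block)))]:
        rs_vals = []
        for start in range(0, n - size + 1, size):
            block = series[start:start + size]
            mean = sum(block) / size
            cum, hi, lo = 0.0, 0.0, 0.0
            for x in block:                      # range of cumulative deviations
                cum += x - mean
                hi, lo = max(hi, cum), min(lo, cum)
            std = math.sqrt(sum((x - mean) ** 2 for x in block) / size)
            if std > 0:
                rs_vals.append((hi - lo) / std)
        log_n.append(math.log(size))
        log_rs.append(math.log(sum(rs_vals) / len(rs_vals)))
    mx, my = sum(log_n) / len(log_n), sum(log_rs) / len(log_rs)
    return (sum((a - mx) * (b - my) for a, b in zip(log_n, log_rs))
            / sum((a - mx) ** 2 for a in log_n))

def cusum_alarms(series, ref_mean, ref_std, k=0.5, h=10.0):
    """Upper one-sided CUSUM over Z-scores; returns the interval indices that alarm."""
    s, alarms = 0.0, []
    for i, x in enumerate(series):
        s = max(0.0, s + (x - ref_mean) / ref_std - k)   # Z-score minus allowance k
        if s > h:
            alarms.append(i)
            s = 0.0                                       # restart after an alarm
    return alarms

def make_traffic(n=512, seed=1, burst=range(300, 320)):
    # Constructed counts ~N(100, 10); the "real" series adds a 20-interval burst.
    rng = random.Random(seed)
    ref = [max(0, round(rng.gauss(100, 10))) for _ in range(n)]
    real = [x + 60 if i in burst else x for i, x in enumerate(ref)]
    return ref, real

def analyse(ref, real):
    mean = sum(ref) / len(ref)
    std = math.sqrt(sum((x - mean) ** 2 for x in ref) / len(ref))
    return {"H_ref": hurst_rs(ref), "H_real": hurst_rs(real),
            "alarms": cusum_alarms(real, mean, std)}
```

Running `analyse(*make_traffic())` gives the Hurst estimates for both series and the CUSUM alarm indices, which start inside the injected burst and not before it.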
