Affiliation:
1. Saint Petersburg State University of Aerospace Instrumentation
Abstract
Aim. Cyber attacks cause failures of network elements, theft of information and other unlawful actions. They are often accompanied by atypical traffic activity and anomalies. The paper aims to develop an approach to detecting anomalies in network traffic by identifying the degree of self-similarity of the traffic using fractal analysis and statistical methods.

Methods. The paper uses methods of mathematical statistics, mathematical analysis and fractal analysis.

Results. The paper suggests an approach to identifying anomalies in network traffic by evaluating self-similarity and using statistical methods to improve the accuracy of cyber attack detection. At the first stage, the Hurst exponent is calculated for the reference traffic. At the second stage, actual traffic is divided into optimal time intervals, and the Hurst exponent is calculated for each interval. If the value of the Hurst exponent for an interval differs from the one obtained for the reference traffic, it is decided that there is an anomaly. At the final stage, statistical analysis is used to precisely localise the anomaly. The authors analysed fractal and statistical methods and identified the more efficient ones to be used as part of the proposed approach. For fractal analysis, the DFA method was proposed, while for statistical analysis, the ARFIMA method was proposed.

Conclusion. The suggested approach allows identifying cyber attacks in real time or near-real time.
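The first two stages described above can be sketched as follows. This is an added example, not the authors' code: the window length, DFA scales, tolerance and traffic samples are assumptions constructed for illustration, and the ARFIMA localisation stage is not covered.

```python
import math
import random

def dfa_exponent(series, scales=(8, 16, 32, 64, 128)):
    """First-order DFA: slope of log F(n) vs log n (estimates H for stationary series)."""
    mean = sum(series) / len(series)
    profile, total = [], 0.0
    for x in series:  # integrate the mean-centred series into a profile
        total += x - mean
        profile.append(total)
    pts = []
    for n in scales:
        boxes = len(profile) // n
        if boxes < 2:
            continue  # too few boxes for a stable F(n)
        t_mean = (n - 1) / 2.0
        t_var = sum((t - t_mean) ** 2 for t in range(n))
        sq = 0.0
        for b in range(boxes):  # least-squares linear detrend inside each box
            seg = profile[b * n:(b + 1) * n]
            y_mean = sum(seg) / n
            slope = sum((t - t_mean) * (y - y_mean) for t, y in enumerate(seg)) / t_var
            sq += sum((y - y_mean - slope * (t - t_mean)) ** 2 for t, y in enumerate(seg))
        if sq > 0:
            pts.append((math.log(n), 0.5 * math.log(sq / (boxes * n))))
    if len(pts) < 2:
        raise ValueError("series too short or constant for DFA")
    mx = sum(p[0] for p in pts) / len(pts)
    my = sum(p[1] for p in pts) / len(pts)
    return sum((a - mx) * (b - my) for a, b in pts) / sum((a - mx) ** 2 for a, _ in pts)

def flag_windows(reference, traffic, window=512, tolerance=0.3):
    """Stages one and two: reference exponent, then per-window comparison (assumed values)."""
    h_ref = dfa_exponent(reference)
    flagged = [i for i in range(len(traffic) // window)
               if abs(dfa_exponent(traffic[i * window:(i + 1) * window]) - h_ref) > tolerance]
    return h_ref, flagged

def build_sample(seed=7, window=512):
    """Constructed data: uncorrelated volume samples, with a drifting burst as window 2."""
    rng = random.Random(seed)
    noise = lambda n: [1000 + rng.gauss(0, 10) for _ in range(n)]
    reference, level, drift = noise(2048), 1000.0, []
    for _ in range(window):
        level += rng.gauss(0, 5)  # random-walk drift, exponent near 1.5
        drift.append(level)
    return reference, noise(window) + noise(window) + drift + noise(window)

if __name__ == "__main__":
    print(flag_windows(*build_sample()))
```

The constructed reference is uncorrelated noise, so its exponent sits near 0.5; measured traffic would give its own reference value, and the tolerance has to be calibrated against the spread of exponents seen across normal windows.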