Abstract
The paper presents a method for detecting network traffic anomalies that takes into account the self-similar structure of the traffic. It is assumed that network traffic is self-similar and can be modeled by fractional Brownian motion. Existing methods of detecting network anomalies are reviewed. The result of this work is a new method for detecting network traffic anomalies. The method is based on a semi-supervised approach to anomaly detection, which allows the process to run almost autonomously, with little human intervention. In addition, the method belongs to the group of statistical methods, which makes it comparatively easy to implement. In contrast to existing methods, it uses samples of optimal size, obtained in the minimum time that is still sufficient. The anomaly detection algorithm consists of two parts: calculation of the samples (reference values) and comparison of the received traffic with the reference (analysis of network traffic anomalies). The reference values are derived from the self-similarity parameter (Hurst parameter) computed for selected indicators taken from packet headers. The anomaly search algorithm underlying the method can be used both to detect anomalies in incoming traffic (network attacks) and to detect anomalies in outgoing traffic (as in a DLP system).
Highlights
Method for detection of network traffic anomalies which is based on its self-similar traffic structure
The paper presents a method for detecting network traffic anomalies taking into account its self-similar structure
It is assumed that network traffic is a self-similar structure and is modeled by fractional Brownian motion
Summary
METHOD FOR DETECTING NETWORK TRAFFIC ANOMALIES BASED ON ITS SELF-SIMILAR STRUCTURE. The purpose of this article is to present a method for detecting network traffic anomalies based on the assertion that traffic is a fractal. It is assumed that network traffic is a self-similar structure and is modeled by fractional Brownian motion. Existing methods of detecting network anomalies are analysed for their shortcomings. The result of the work is a modified method for detecting network traffic anomalies. The method belongs to the semi-supervised approach to anomaly detection, which allows the process to be almost autonomous from human intervention. The method can be classified as a statistical method, which makes it fairly simple to implement. The anomaly detection algorithm consists of two parts: calculation of samples (reference values) and comparison of the received traffic with the reference (analysis of network traffic anomalies). Keywords: network traffic, fractal, network traffic anomalies, Hurst parameter, self-similarity.
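As an added illustration of the two-stage scheme described in the abstract and summary (compute reference values of the Hurst parameter from clean traffic, then compare new traffic against them), and not code from the paper: the aggregated-variance estimator of H applied to a constructed packets-per-interval series. The estimator choice, the constructed series and seeds, the block sizes and the tolerance floor are all assumptions; the paper does not state which estimator or indicators it uses.

```python
import math
import random
from statistics import mean, pstdev, variance

def hurst_aggregated_variance(series, block_sizes=(1, 2, 4, 8, 16, 32, 64)):
    """Estimate the Hurst parameter H with the aggregated-variance method.

    For a self-similar increment process the variance of the means of
    non-overlapping blocks of size m scales as m^(2H-2), so H follows from
    the least-squares slope of log(variance) against log(m).
    """
    xs, ys = [], []
    for m in block_sizes:
        blocks = [mean(series[i:i + m]) for i in range(0, len(series) - m + 1, m)]
        if len(blocks) < 2 or variance(blocks) <= 0:
            continue
        xs.append(math.log(m))
        ys.append(math.log(variance(blocks)))
    mx, my = mean(xs), mean(ys)
    slope = sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sum((x - mx) ** 2 for x in xs)
    return 1.0 + slope / 2.0

def constructed_counts(seed, n=8192, drift=False):
    """Constructed packets-per-interval series, not real traffic: drift=False is
    independent jitter around 100 (H near 0.5); drift=True accumulates the jitter
    into a strongly correlated series (H near 1), as a sustained flood might."""
    rng = random.Random(seed)
    counts, level = [], 100.0
    for _ in range(n):
        step = rng.gauss(0.0, 10.0)
        level = level + step if drift else 100.0 + step
        counts.append(level)
    return counts

def build_reference(baseline_windows, floor=0.15):
    """First stage: reference H and tolerance from clean training windows."""
    hs = [hurst_aggregated_variance(w) for w in baseline_windows]
    return mean(hs), max(3.0 * pstdev(hs), floor)

def is_anomalous(window, ref_h, tolerance):
    """Second stage: flag a window whose H departs from the reference."""
    return abs(hurst_aggregated_variance(window) - ref_h) > tolerance

if __name__ == "__main__":
    ref_h, tol = build_reference([constructed_counts(s) for s in range(4)])
    print(f"reference H={ref_h:.3f} tolerance={tol:.3f}")
    print("normal window flagged:", is_anomalous(constructed_counts(11), ref_h, tol))
    print("drifting window flagged:", is_anomalous(constructed_counts(9, drift=True), ref_h, tol))
```

On real traffic the indicator series would be built from packet-header fields per time interval, and the tolerance floor would be tuned on the false-alarm rate observed over the training windows.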