Abstract

Introduction. Computer networks (CN) are highly developed systems with a multi-level hierarchical structure. The use of information and communication technologies in the CN to collect information allows an attacker to influence networks through cyber-attacks. This is facilitated by the massive use of outdated operating systems, ineffective protection mechanisms and the presence of multiple vulnerabilities in unsecured network protocols. Such vulnerabilities help a potential attacker to change the settings of network devices, eavesdrop on and redirect traffic, block network interaction and gain unauthorized access to the internal components of the CN. The impact of cyber-attacks leads to the appearance of abnormal traffic activity in the CN. Constant monitoring and detection of this activity has to take into account the large number of network routes, on which sharp fluctuations in data transmission delays and large packet losses periodically occur, and the appearance of new properties of network traffic, which requires ensuring high quality of application service. All this served as an incentive to search for new methods of detecting and predicting cyber-attacks; fractal analysis is one of them.

The aim of the work is to develop a conceptual method for detecting anomalies caused by cyber-attacks in network traffic through the use of fractal analysis.

Methods used. The main provisions of fractal theory are applied, together with the self-similarity assessment methods it proposes, such as the extended Dickey-Fuller test, R/S analysis and the DFA method. These fractal methods allow long-term dependencies in network traffic to be studied.

The scientific novelty lies in the fact that the proposed method correctly identifies anomalies caused by the impact of cyber-attacks, and also makes it possible to predict and detect both known and unknown computer attacks at an early stage of their manifestation.

Practical significance. The presented methodology can be used as an early detection system for cyber-attacks, based on the detection of anomalies in network traffic and the adoption of effective measures to protect the network.
