Application of statistical methods for predicting udp-flood attacks

Abstract

Aim . Web resources are an integral part of modern human life. Today, these resources are increasingly exposed to hacker attacks, such as the introduction of SQL operators, crosssite scripting, etc. DDoS attacks continue to be included in the top 10 network attacks that lead to serious failures of web resources. The most common type of DDoS attack is UDP-flood attacks based on the endless sending of UDP packets to the ports of various UDP services. Our empirical study was based on the following factors: the lack of effective means of protection against DDoS attacks, the specificity of UDP-flood attacks, and the lack of prediction models that adequately describe the process under study. The aim of this study was to increase the level of security of web resources by means of timely detection of anomalies in their work, detection of information security threats based on analysis and forecasting methods. The research object was UDP-flood attacks. Methods . Correlation analysis and modelling methods were used to calculate the seasonal index of UDP-flood attacks and the autocorrelation of the time series of this type of attack. The forecast of UDP-flood attacks was built based on simple exponential smoothing and neural network forecasting models. Results . A classification of DDoS attacks was proposed, along with possible protection approaches. Using a correlation analysis, the forecast values of the impact of UDP-flood attacks against web resources were calculated, and the seasonal factor was identified. The analysis of the forecast results showed that the spread of forecast values was not significant; the largest number of attacks is expected in the fourth quarter of 2020. For DDoS attacks lasting up to 20 minutes, seasonality was also detected in the first quarter of the calendar year, which means that the largest number of attacks of this duration should be expected in the first quarter of 2020. Conclusion . In order to improve the level of protection against DDoS attacks, further research should be aimed at developing methods for combating UDP-flood attacks and algorithms increasing the information security of web resources, as well as implementing measures to improve the security of web-based resources.