Ensuring the survivability of embedded computer networks based on early detection of cyber attacks by integrating fractal analysis and statistical methods

Abstract

The paper discusses a method for ensuring the survivability of embedded computer networks in conditions of cyber attacks, based on identifying anomalies in network traffic by assessing its self-similarity and determining the type of impact of cyber attacks using statistical methods. The proposed method includes three stages, at which the analysis of the self-similarity property for the reference traffic is performed (using the Dickey-Fuller test, R/S analysis and the DFA method), the analysis of the self-similarity property for real traffic (by the same methods) and additional processing of time series with statistical methods (moving average, Z-Score and CUSUM methods). The issues of software implementation of the proposed method and the formation of a data set containing network packets are considered. The experimental results demonstrated the presence of self-similarity in network traffic and confirmed the high efficiency of the proposed method. The method allows detecting cyber attacks in real or near real time and ensures high survivability of the embedded computer network.