Using the method of nonlinear recursive analysis for detecting DDOS anoma-lies in time series data

Abstract

This research endeavors to address this gap by determining a qualitative char-acteristic for server network traffic and use it to construct the corresponding recur-rence plot (RP). The goal of this study is to develop and assess a novel technique based on nonlinear recursive analysis to detect Distributed Denial of Service (DDoS) anomalies in network traffic time series data. With the increasing frequency of DDoS attacks on modern digital infrastructures, there is a pressing need for more efficient and accurate detection methods. There has been some attempts to apply nonlinear analysis to network traffic [2-4], but those studies lack critical steps in determining parameters for embedding space dimension and delay time . More recent studies have explored machine learning and deep learning approaches [7], which offer improved accuracy but can be computationally intensive and require extensive training data. Despite the advance-ments, there remains a need for a method that is both accurate and efficient, espe-cially in real-time detection scenarios. The researchers employed nonlinear recursive analysis by estimating RQA pa-rameters and determining a qualitative characteristic of data points of DDoS attack contained in CIC-IDS2017 dataset. A technique for determining hidden information for this series and its use for constructing the corresponding recurrence diagram (RP) at the points of information retrieval are described. It is shown that the use of RP has significant drawbacks associated with the visualization of information on a computer monitor screen, so another way of research is proposed - the calculation of numerical indicators of RP The given calculated RP indicators made it possible to typify the received data and determine the type, which was named "DDOS-RP", which makes it possible to distinguish some types of DoS/DDoS type attacks. The study concludes by recom-mending further exploration of this method in diverse network environments and against more complex DDoS attack patterns.