Methods for detecting statistical changes in network traffic characteristics

Authors

  • D. Astakhov
  • V. Mazurenko
  • A. Fedorovych
  • N. Lysenko

DOI:

https://doi.org/10.34185/1562-9945-2-139-2022-02

Keywords:

information system, network traffic, statistical methods, cybersecurity

Abstract

Network flows of information systems (IS) are described by a set of quantitative characteristics. They carry information about network load, the quality of communication between nodes, and much other service information. An attacker can, for example, use this service information to prepare a cyberattack. While an attack is being carried out, network traffic is filled with additional atypical information; in other words, the values of its quantitative characteristics change. Quantitative indicators of these characteristics can therefore be used to indirectly monitor atypical behavior of network nodes, for example by the number of requests of the same type per unit of time. Such an event may occur when a network scanner is running or during a denial-of-service attack. To detect such events, special software packages are used, such as intrusion detection systems. These systems rely on a variety of algorithms based on statistical methods, neural networks, fuzzy logic, automata, and others. The type of mathematical processing depends on the complexity of the problem, the level of the protocol being observed, and the preferences of the detection system developer. Statistical methods for analyzing metrics can sometimes be simpler and faster to implement than the others, because they do not involve a large number of mathematical operations. This makes it possible to monitor the state of the IS in real time, and timely detection of changes in the state of the IS helps to avoid malfunctions. One of the signs of a change in the system state is the appearance of outliers in the values of quantitative indicators of network traffic parameters. The task of detecting them is therefore topical and requires further development and improvement. This paper shows that the Chauvenet criterion can detect outliers with high probability in small time series whose probability distribution differs from the normal one.
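An added illustration, not code from the paper: the textbook single-pass form of the Chauvenet criterion (normal tail probability) applied to a small series of requests-per-second counts. The function name and the sample values are constructed for this example.

```python
import math
import statistics


def chauvenet_outliers(samples):
    """Return indices of samples rejected by the Chauvenet criterion.

    A sample is rejected when the expected number of values at least as
    far from the mean, n * P(|Z| >= z), is below 0.5.
    """
    n = len(samples)
    if n < 3:
        return []
    mean = statistics.fmean(samples)
    std = statistics.stdev(samples)  # sample standard deviation (n - 1)
    if std == 0:
        return []  # constant series: nothing deviates
    flagged = []
    for i, x in enumerate(samples):
        z = abs(x - mean) / std
        tail = math.erfc(z / math.sqrt(2))  # two-sided normal tail P(|Z| >= z)
        if n * tail < 0.5:
            flagged.append(i)
    return flagged


# Constructed sample: requests of one type per second seen from one node.
BASELINE = [42, 38, 45, 40, 41, 39, 44, 43, 37, 40, 41, 41]
WITH_BURST = [42, 38, 45, 40, 41, 39, 44, 43, 37, 40, 310, 41]

# Edge case: with the sample standard deviation, z can never exceed
# (n - 1) / sqrt(n), so for n <= 4 no value can be rejected at all.
TOO_SHORT = [40, 41, 39, 5000]

if __name__ == "__main__":
    for name, series in (("baseline", BASELINE),
                         ("burst", WITH_BURST),
                         ("too short", TOO_SHORT)):
        hits = chauvenet_outliers(series)
        print(f"{name}: outlier indices {hits}, values {[series[i] for i in hits]}")
```

A burst inflates the mean and standard deviation of its own window, so a monitor would normally evaluate each new window separately rather than pooling long histories.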

Published

2022-03-30