Using the method of nonlinear recursive analysis for detecting DDOS anoma-lies in time series data


  • Hulyi Taras
  • Belozyorov Vasily



recurrent analysis, network traffic, time series, recurrent diagram, delay parameter, dimension of the nesting space, RQA analysis, Matlab environment


This research endeavors to address this gap by determining a qualitative char-acteristic for server network traffic and use it to construct the corresponding recur-rence plot (RP). The goal of this study is to develop and assess a novel technique based on nonlinear recursive analysis to detect Distributed Denial of Service (DDoS) anomalies in network traffic time series data. With the increasing frequency of DDoS attacks on modern digital infrastructures, there is a pressing need for more efficient and accurate detection methods. There has been some attempts to apply nonlinear analysis to network traffic [2-4], but those studies lack critical steps in determining parameters for embedding space dimension and delay time . More recent studies have explored machine learning and deep learning approaches [7], which offer improved accuracy but can be computationally intensive and require extensive training data. Despite the advance-ments, there remains a need for a method that is both accurate and efficient, espe-cially in real-time detection scenarios. The researchers employed nonlinear recursive analysis by estimating RQA pa-rameters and determining a qualitative characteristic of data points of DDoS attack contained in CIC-IDS2017 dataset. A technique for determining hidden information for this series and its use for constructing the corresponding recurrence diagram (RP) at the points of information retrieval are described. It is shown that the use of RP has significant drawbacks associated with the visualization of information on a computer monitor screen, so another way of research is proposed - the calculation of numerical indicators of RP The given calculated RP indicators made it possible to typify the received data and determine the type, which was named "DDOS-RP", which makes it possible to distinguish some types of DoS/DDoS type attacks. The study concludes by recom-mending further exploration of this method in diverse network environments and against more complex DDoS attack patterns.


Palmeieri, F. & Fiore, U. Network anomaly detection through non-linear analysis. Computers Security, 2010, 29(7), 737-55.

Somenath Mukherjeea, Rajdeep Ray, Rajkumar Samantac, Mofazzal H. Khondekar ,Goutam Sanyal Nonlinearity and chaos in wireless network traffic Chaos, Solitons and Fractals 96 (2017) 23–29

N. Jeyanthi, R. Thandeeswaran, J. Vinithra RQA Based Approach to Detect and Prevent DDoS Attacks in VoIP Networks CYBERNETICS AND INFORMATION TECHNOLOGIE Volume 14, No 1 11-24 DOI: 10.2478/cait-2014-0002

Yun Chen Shijie Sum, Hui Yang Convolutional Neural Network Analysisof Recurrence Plots for Anomaly Detection International Journal of Bifurcation and Chaos, Vol. 30, No. 1 (2020) 2050002 (13 pages)

Iman Sharafaldin, Arash Habibi Lashkari, and Ali A. Ghorbani, “Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization”, 4th International Conference on Information Systems Security and Privacy (ICISSP), Portugal, January 2018

Chandola, V.; Banerjee, A. & Kumar, V. Anomaly detection: A survey. ACM Computing Surveys, 2009,41(3), 1-58.

Hodge, V. & Austin, J. A survey of outlier detection methodologies. Art. Intel. Revi., 2004, 22(2), 85-126

Mahoney, M. Network traffic anomaly detection based on packet bytes. In Proceedings of ACM Symposium on Applied Computing, 2003, pp. 346-50.

Mekler A.A. Application of the Apparatus for Nonlinear Analysis of Dynamic Systems for EEG Signal Processing // Actual Problems of Modern Mathematics: Scientific Notes. p / ed. prof. Kalashnikova E.V., ed. LGU them. A.S. Pushkin, St. Petersburg, 2004. T. 13 (issue 2), p. 112-140.