Models of monitoring of self-like traffic of information and communication networks for attack detection systems

Authors

  • V. Korniienko
  • O. Gerasina
  • D. Tymofieiev
  • O. Safarov
  • Y. Kovalova

Keywords:

attack detection systems, self-similar traffic, multifractal wavelet models, adaptive filter-approximators, autoregressive models

Abstract

Autoregressive, fractal and multifractal models of network self-similar traffic are con-sidered, which allow to form an adequate reference model (template) of "normal" traffic and to detect traffic anomalies in attack detection and prevention systems. Models of fractal Brownian motion and fractal Gaussian noise were considered as models of fractal motions, because they have self-similarity and long-term dependence properties that correspond to the properties of experimental data, as well as the possibility of their analytical interpretation. When evaluating and identifying processes for the implementation of autoregressive models use adaptive filters-approximators, among which there are neural network and neuro-wavelet. The following were used as multifractal models: a multifractal wavelet model with a beta distribution and a hybrid multifractal wavelet model in which the beta distribution is used on a coarse scale and the dis-tribution of point masses on an accurate scale By modeling as a result of adaptation and learning of models, autocorrelation functions, spectra and variances of model signals qualitatively correspond to the graphs of the experimental signal. In addition, the qualitative and numerical values of the characteristics of the model signals generally correspond to the characteristics of the experimental signal. In this case, beta multifractal wavelet models have a smaller error of determination of characteristics than hybrid multifractal wavelet models, and the relative root mean square error of approximation of the experimental signal using a neural network adaptive filter approximator does not exceed 0.046. Statistical verification by non-parametric criterion of signs allowed to establish the adequacy of experimental and model signals with a significance level of 0.01. Further research should be aimed at developing and using predictive models of self-similar traffic in attack detection and prevention systems, which will increase the efficiency of attack detection.

References

Problemy zakhystu krytychno vazhlyvykh obiektiv infrastruktury / N. Lukova-Chuiko, V. Nakonechnyi, S. Toliupa, R. Ziubina // Bezpeka informatsiinykh system i tekhnolohii. – 2020. – № 1(2). – P. 31-39.

Branytskyi А.А. Analiz i klassifikaciya metodov obnaruzheniya setevykh atak / А.А. Branytskyi, I.V. Kotenko // Trudy SPIIRAN. – 2016. – № 2(45). – P. 207-244. [Electronic resource] – Access mode: www.proceedings.spiiras.nw.ru.

Nosenko K.M. Ohliad system vyiavlennia atak v merezhevomu trafiku / K.M. Nosenko, O.I. Pivtorak, T.A. Likhouzova // Mizhvidomchyi naukovo-tekhnichnyi zbirnyk «Adaptyvni systemy avtomatychnoho upravlinnia». – 2014. – № 1(24). –

P. 67-75.

Dovbeshko S.V. Zastosuvannia metodiv intelektualnoho analizu danykh dlia pobudovy system vyiavlennia atak / S.V. Dovbeshko, S.V. Toliupa, Ya.V. Shestak // Suchasnyi zakhyst informatsii. – 2019. – № 1(37). – P. 6-15.

Smirnov A. Imitacionnaya model' NIPDS dlya obnaruzheniya i predotvrashcheniya vtorzhenij v telekommunikacionnykh sistemakh i setyakh / A. Smirnov, Yu. Drejs, D. Danilenko // Ukrainian Scientific Journal of Information Security. – 2014. – Vol. 20, issue 1. – P. 29-35.

Lazarenko S.V. Osoblyvosti funktsionuvannia system vyiavlennia atak na avtomatyzovani systemy / S.V. Lazarenko // Suchasnyi zakhyst informatsii. – 2015. – № 1. – P. 33-40.

Hulak H.M. Model systemy vyiavlennia vtorhnen z vykorystanniam dvostupen-evoho kryteriiu vyiavlennia merezhevykh anomalii / H.M. Hulak, V.V. Semko, P.M. Skladannyi // Suchasnyi zakhyst informatsii. – 2015. – №4. – P. 81-85.

Razrabotka modeli intellektual'nogo raspoznavaniya anomalij i kiberatak s ispol'zovaniem logicheskikh procedur, baziruyushchikhsya na pokrytiyakh matric priznakov / G. Beketova, B. Akhmetov, A. Korchenko, V. Lakhno // Ukrainian Scien-tific Journal of Information Security. – 2016. – Vol. 22, issue 3. – P. 242-254.

Petrov O. Metod ta model intelektualnoho rozpiznavannia zahroz informatsiino-komunikatsiinomu seredovyshchu transportu / O. Petrov, O. Korchenko, V. Lakhno // Ukrainian Scientific Journal of Information Security. – 2015. – Vol. 21, issue 1. –

P. 26-34.

Karachanskaya E.V. Metod vyyavleniya anomalij setevogo trafika, osnovannyj na ego samopodobnoj strukture / E.V. Karachanskaya, N.I. Sosedova // Bezopasnost' informacionnykh tekhnologij. – 2019. – С. 98-110. [Electronic resource] – Access mode: https://bit.mephi.ru/index.php/bit/article/view/1185.

Korniienko V.I. Intelektualne modeliuvannia neliniinykh dynamichnykh prots-?siv v systemakh keruvannia, kiberbezpeky, telekomunikatsii: pidruchnyk / V.I. Korniienko, O.Yu. Husiev, O.V. Herasina; za zah. red. V.I. Korniienka; M-vo osvity i nauky Ukrainy, Nats. tekhn. un-t «Dniprovska politekhnika». – Dnipro : NTU «DP», 2020. – 536 p.

A multifractal wavelet model with application to network traffic / R.H. Riedi, M.S. Crouse, V. Ribeiro, R.G. Baraniuk // IEEE Transactions on Information Theory. – 1999. – V. 45. – P. 992-1018.

Arkhiv trafiku [Electronic resource] – Access mode: http://ita.ee.lbl.gov.

Published

2021-12-10