Detection of Anomalies in the Traffic of Information and Telecommunication Networks Based on the Assessment of its Self-Similarity

The prevailing traffic models based on Markov processes have a short-term dependence and, as applied to computer networks, led to an underestimation of the load. Fractal properties of network traffic looks the same with a sufficiently large scale of the time axis, exhibits a long-term dependence, an...

Full description

Saved in:
Bibliographic Details
Published in2020 International Russian Automation Conference (RusAutoCon) pp. 713 - 718
Main Authors Kribel, Aleksander, Saenko, Igor, Kotenko, Igor
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.09.2020
Subjects
Automation
Computational modeling
Computer security
fractal
Fractals
Hurst exponent
network traffic
network traffic anomalies
self-similarity
Telecommunication traffic
Time series analysis
Online AccessGet full text

Cover

More Information
Summary:The prevailing traffic models based on Markov processes have a short-term dependence and, as applied to computer networks, led to an underestimation of the load. Fractal properties of network traffic looks the same with a sufficiently large scale of the time axis, exhibits a long-term dependence, and are more preferable for solving the computer security tasks. The paper presents a method for detecting network traffic anomalies based on the assertion that traffic is a fractal. It is assumed that network traffic is a self-similar structure and is modeled by a fractal Brownian motion. Fractal analysis and mathematical statistics were used as tools in the development of this method. Experimental testing showed a rather high accuracy of the method and its ability to detect network traffic anomalies caused by DoS attacks.
DOI:10.1109/RusAutoCon49822.2020.9208147