FIELD: information technology.
SUBSTANCE: the invention relates to the protection of information systems, in particular to the detection of computer attacks. The method of detecting network attacks based on analysis of the time structure of traffic includes the steps of receiving a sequence of data packets from a network, storing the received packets, extracting their characteristics from the stored packets, and forming feature values on the basis of these characteristics. At the training stage, threshold values are established for the features; at the detection stage, the formed feature values are compared with their threshold values, a decision is made about the presence or absence of a network attack, and the type of a single network attack is determined from the combination of the formed feature values and their threshold values. Characteristics are selected from the stored packets by logical filtering of the packet parameters: packets with different sets of parameters are selected, and only dynamic characteristics are taken for them. A feature value is formed by generating values of first and second traffic reference signals. The first reference signals are generated as time samples of statistics of the selected characteristics; the second reference signals are generated orthogonal to the first by transforming the first with a finite impulse response filter such that the time samples of the second reference signals depend only on the central differences of the time samples of the first. Phase portraits of the traffic are formed in the normal and attacked states, and threshold values for the features are set.
EFFECT: expanded functional capabilities for detecting DDoS attacks.
11 cl, 6 dwg
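The following sketch is an added illustration of the pipeline the abstract describes, not code from the patent. The filter predicate, the FIR taps (0.5, 0, -0.5), the centroid-radius threshold rule and all sample traffic are assumptions constructed for the example.

```python
import math
from collections import Counter

def first_signal(packets, keep, bin_s=1.0):
    """First reference signal: per-bin count of packets passing the logical filter."""
    times = [p["t"] for p in packets if keep(p)]
    t0 = min(times)
    bins = Counter(int((t - t0) // bin_s) for t in times)
    return [bins.get(i, 0) for i in range(max(bins) + 1)]

def second_signal(x):
    """Assumed FIR taps (0.5, 0, -0.5): each output is a central difference of x."""
    return [(x[n + 1] - x[n - 1]) / 2 for n in range(1, len(x) - 1)]

def phase_portrait(x):
    """Points (x[n], y[n]) for the bins where the central difference exists."""
    return list(zip(x[1:-1], second_signal(x)))

def train(normal_x, margin=1.5):
    """Assumed rule: threshold = margin * max distance of normal points from centroid."""
    pts = phase_portrait(normal_x)
    cx = sum(p[0] for p in pts) / len(pts)
    cy = sum(p[1] for p in pts) / len(pts)
    return cx, cy, margin * max(math.hypot(px - cx, py - cy) for px, py in pts)

def detect(x, model):
    """Indices of bins whose phase-portrait point leaves the trained region."""
    cx, cy, r = model
    return [n + 1 for n, (px, py) in enumerate(phase_portrait(x))
            if math.hypot(px - cx, py - cy) > r]

def synth(counts, proto="udp"):
    """Constructed packets: counts[i] packets spread evenly inside second i."""
    return [{"t": i + k / c, "proto": proto} for i, c in enumerate(counts) for k in range(c)]

def is_udp(p):
    return p["proto"] == "udp"

NORMAL = [10, 12, 11, 9, 10, 13, 11, 10, 12, 9, 11, 10]  # constructed baseline, pkts/s
ATTACK = [10, 11, 12, 40, 90, 150, 160, 155, 11, 10]     # constructed flood in bins 3-7

# Training sees mixed traffic; the filter keeps only the UDP stream being modelled.
model = train(first_signal(synth(NORMAL) + synth([50] * 12, "tcp"), is_udp))
alerts = detect(first_signal(synth(ATTACK), is_udp), model)

if __name__ == "__main__":
    print("threshold radius:", round(model[2], 2), "alert bins:", alerts)
```

Bins 2 and 8 are flagged although their packet counts are near baseline, because the central difference reacts to the neighbouring rise and fall of the flood.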
Title | Year | Author | Number |
---|---|---|---|
METHOD OF PROTECTION AGAINST DDOS-ATTACK ON BASIS OF TRAFFIC CLASSIFICATION | 2018 | | RU2704741C2 |
METHOD FOR DETECTION OF ANOMALIES IN OPERATION OF HIGHLY LOADED NETWORK OF AUTOMATED TELECOMMUNICATION SYSTEM | 2021 | | RU2787078C1 |
VOLUME DDOS ATTACKS PROTECTION SYSTEM AND METHOD | 2022 | | RU2791869C1 |
METHOD FOR DETECTING DESTABILIZING EFFECT ON COMPUTER NETWORK | 2015 | | RU2611243C1 |
METHOD OF DETECTING COMPUTER ATTACKS TO NETWORKED COMPUTER SYSTEM | 2013 | | RU2538292C1 |
METHOD OF DETECTION OF COMPUTER ATTACKS IN INFORMATION AND TELECOMMUNICATION NETWORK | 2013 | | RU2531878C1 |
METHOD FOR INCREASING THE STABILITY OF INFORMATION TRANSMISSION THROUGH COMMUNICATION CHANNELS OF VIRTUAL PRIVATE NETWORKS | 2021 | | RU2755684C1 |
NETWORK TRAFFIC ANALYSIS SYSTEM | 2007 | | RU2364933C2 |
PROTECTION METHOD OF VEHICLE CONTROL SYSTEMS AGAINST INTRUSIONS | 2019 | | RU2737229C1 |
COMPUTER ATTACKS DETECTION METHOD | 2017 | | RU2683631C1 |
Authors
Dates
2019-02-26—Published
2017-12-14—Filed