FIELD: information technology.
SUBSTANCE: invention relates to a method of detecting anomalies in backbone Internet traffic based on multifractal heuristic analysis. The method applies multifractal heuristic analysis to time series formed from network traffic parameters that are collected from backbone routers and preprocessed. The time series are formed from network traffic parameters such as network packet size, number of network packets in a stream, type of transport-level network protocol, number of network protocol packets of each type, and number of outgoing and incoming connections for a host. A table with the normal multifractal characteristics for each time series is created in a database located on a database server. For each multifractal characteristic of each time series, the value of the maximum permissible deviation from the normal value is recorded in the database, after which the time series are distributed among the simultaneously operating computational nodes of the high-performance server. On each computational node of the server, multifractal characteristics are calculated for each time series, such as the width of the multifractal spectrum, the width of the left spectrum "branch", the width of the right spectrum "branch", the height of the left spectrum "branch", and the height of the right spectrum "branch". Each time series is then checked for deviation of its multifractal characteristic values from the normal values. If the values of three or more multifractal characteristics deviate from the normal values by more than the maximum allowable deviation, an anomaly warning is generated.
EFFECT: high accuracy of detecting network attacks owing to parallel calculation of multifractal characteristics of network traffic, which make it possible to estimate changes in backbone traffic typical of different types of network attacks.
1 cl, 2 dwg, 1 tbl
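A sketch of the per-series check described in the abstract, added here as an illustration and not taken from the patent. The abstract does not name an estimator, so the Chhabra-Jensen direct method, the q range, the definitions of the five characteristics, the tolerances, and the constructed binomial-cascade sample series are all assumptions.

```python
import math

QS = [q / 2 for q in range(-10, 11)]          # moment orders q = -5..5 (assumed range)

def slope(xs, ys):
    """Least-squares slope of ys against xs."""
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sum((x - mx) ** 2 for x in xs)

def spectrum(series, levels=range(2, 8)):
    """Chhabra-Jensen (alpha, f) per q for a strictly positive series of length 2**k, k >= 7."""
    total, n = sum(series), len(series)
    log_eps, a_num, f_num = [], {q: [] for q in QS}, {q: [] for q in QS}
    for lv in levels:
        size = n >> lv                        # samples per box at scale 2**-lv
        mu = [sum(series[i:i + size]) / total for i in range(0, n, size)]
        log_eps.append(-lv * math.log(2))
        for q in QS:
            z = sum(m ** q for m in mu)
            w = [m ** q / z for m in mu]      # q-weighted box probabilities
            a_num[q].append(sum(wi * math.log(m) for wi, m in zip(w, mu)))
            f_num[q].append(sum(wi * math.log(wi) for wi in w))
    return [(slope(log_eps, a_num[q]), slope(log_eps, f_num[q])) for q in QS]

def characteristics(series):
    """The five spectrum features named in the abstract; these definitions are assumed."""
    pts = spectrum(series)
    a0, f0 = max(pts, key=lambda p: p[1])     # apex of f(alpha)
    (a_lo, f_lo), (a_hi, f_hi) = min(pts), max(pts)   # leftmost / rightmost points
    return {"width": a_hi - a_lo, "left_width": a0 - a_lo, "right_width": a_hi - a0,
            "left_height": f0 - f_lo, "right_height": f0 - f_hi}

def deviating(measured, normal, max_dev):
    """Names of characteristics outside their maximum permissible deviation."""
    return [k for k in normal if abs(measured[k] - normal[k]) > max_dev[k]]

def is_anomalous(measured, normal, max_dev, min_count=3):
    """Abstract's rule: warn when three or more characteristics deviate."""
    return len(deviating(measured, normal, max_dev)) >= min_count

def cascade(p, depth=10):
    """Constructed sample: deterministic binomial cascade standing in for a traffic series."""
    s = [1.0]
    for _ in range(depth):
        s = [v * w for v in s for w in (p, 1 - p)]
    return s

if __name__ == "__main__":
    normal = characteristics(cascade(0.6))    # stands in for the database baseline row
    max_dev = {k: 0.1 for k in normal}        # constructed tolerances
    for p in (0.6, 0.8):
        m = characteristics(cascade(p))
        print(p, deviating(m, normal, max_dev), is_anomalous(m, normal, max_dev))
```

Real interval counts can contain zeros, which this estimator does not accept for negative q; such series need an offset or a restricted q range before the spectrum is computed.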
Title | Year | Author | Number |
---|---|---|---|
METHOD FOR DETECTING ANOMALOUS WORK OF NETWORK SERVER (OPTIONS) | 2016 | | RU2630415C2 |
METHOD FOR AUTOMATIC CLASSIFICATION OF NETWORK TRAFFIC BASED ON HEURISTIC ANALYSIS | 2018 | | RU2690758C1 |
SYSTEM AND METHOD OF REDUCING FALSE RESPONSES WHEN DETECTING NETWORK ATTACK | 2011 | | RU2480937C2 |
METHOD OF DETECTING NETWORK ATTACKS BASED ON ANALYZING FRACTAL TRAFFIC CHARACTERISTICS IN AN INFORMATION COMPUTER NETWORK | 2019 | | RU2713759C1 |
SOFTWARE-HARDWARE SYSTEM FOR DATA EXCHANGE OF AUTOMATED SYSTEMS | 2020 | | RU2727090C1 |
PROTECTION METHOD OF VEHICLE CONTROL SYSTEMS AGAINST INTRUSIONS | 2019 | | RU2737229C1 |
METHOD FOR DETECTING MALICIOUS SOFTWARE AND ELEMENTS | 2015 | | RU2613535C1 |
METHOD AND SYSTEM TO IDENTIFY NETWORK PROTOCOLS BASED ON DESCRIPTION OF CLIENT-SERVER INTERACTION | 2012 | | RU2485705C1 |
METHOD OF PROTECTING SERVICE SERVER FROM DDOS ATTACKS | 2021 | | RU2768536C1 |
METHOD FOR USING A MODEL OF THE IoT APPARATUS TO DETECT ANOMALIES IN THE OPERATION OF THE APPARATUS | 2021 | | RU2772072C1 |
Dates
2019-08-01—Published
2018-11-01—Filed