FIELD: physics.
SUBSTANCE: the invention relates to computer equipment. A method of protection against DDoS attacks based on traffic classification is disclosed, comprising the steps of: receiving packets or packet streams from external devices attempting to access protected devices in a secure network; classifying the received packets by determining whether they belong to one or more of a set of given traffic types; and applying countermeasures depending on the result of the classification. At the classification stage: probabilistic statistics are formed separately for the values of the parameters of the address fields of the data packet headers and for the values of the characteristics of their load fields; the values of the address informative features are formed per packet as functions of the variability of the parameter values of the address fields of the data packet headers; the frequencies (empirical probabilities) of all formed address informative features are estimated on representative samples and stored for all given types of traffic; the values of the load informative features are formed per packet stream as functions of the variability of the parameter values of the load fields of the data packet headers; the frequencies (empirical probabilities) of all formed load informative features are estimated on representative samples and stored for all given types of traffic; the likelihood values of a set of address and load informative feature values belonging to a given type of traffic are formed from their estimated frequencies; the flow of traffic packets is registered and packets are added to it successively, forming a sequence of sets of address and load informative feature values; the likelihood values of such a sequence belonging to a given type of traffic are estimated; the likelihood of attributing the traffic to a given type of attack is estimated; the minimum number of observations that provides the pre-specified values of the detection errors of the first and second kinds for all estimated likelihood ratios is selected by varying the number of added traffic packets; and the posterior probabilities of the given types of traffic are estimated for each received packet stream. At the stage of applying countermeasures, the estimated posterior probabilities of the given types of traffic are taken into account for each received packet stream.
EFFECT: the technical result is an extension of the functionality of methods for detecting and countering DDoS attacks, by providing the ability to detect network attacks of various types on the basis of joint consideration of probabilistic statistics formed separately from the parameter values of both the address fields and the load fields of the data packet headers.
4 cl, 5 dwg
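The sequential decision step of the method above (per-packet likelihoods built from empirical feature frequencies estimated on representative samples, accumulated over a growing packet sequence until the pre-specified errors of the first and second kinds are met, then a posterior per stream) as an added Python illustration; this is not code from the patent, and the two-valued "same"/"diff" address and load features, the training samples, the error levels and the prior are constructed assumptions.

```python
import math
from collections import Counter

# Constructed training samples (not from the patent). Each packet of a flow is reduced
# to two informative features: address = whether the source address field changed
# versus the previous packet of the flow; load = whether the payload-length field changed.
VALUES = ("same", "diff")
TRAINING = {
    "normal": [("same", "same")] * 6 + [("same", "diff")] * 3 + [("diff", "same")] * 1,
    "attack": [("diff", "diff")] * 5 + [("diff", "same")] * 3 + [("same", "diff")] * 2,
}

def empirical_frequencies(samples, smoothing=1.0):
    """Estimate P(value | traffic type) separately for the address feature (index 0)
    and the load feature (index 1); Laplace smoothing keeps unseen values non-zero."""
    model = {}
    for ttype, packets in samples.items():
        per_feature = []
        for idx in (0, 1):
            counts = Counter(p[idx] for p in packets)
            total = len(packets) + smoothing * len(VALUES)
            per_feature.append({v: (counts[v] + smoothing) / total for v in VALUES})
        model[ttype] = per_feature
    return model

def log_likelihood(model, ttype, packet):
    """Log-likelihood of one (address, load) feature pair under a traffic type,
    treating the two features as independent so their probabilities multiply."""
    return sum(math.log(model[ttype][i][packet[i]]) for i in (0, 1))

def sequential_classify(model, flow, alpha=0.01, beta=0.01, prior_attack=0.5):
    """Wald-style sequential test over a packet flow: packets are added one at a time
    and the test stops as soon as the accumulated log likelihood ratio leaves the band
    set by the allowed errors of the first (alpha) and second (beta) kind.
    Returns (decision, number of packets used, posterior probability of attack)."""
    upper = math.log((1 - beta) / alpha)   # crossing upward: decide "attack"
    lower = math.log(beta / (1 - alpha))   # crossing downward: decide "normal"
    llr, n = 0.0, 0
    for n, packet in enumerate(flow, start=1):
        llr += log_likelihood(model, "attack", packet) - log_likelihood(model, "normal", packet)
        if llr >= upper or llr <= lower:
            break
    decision = "attack" if llr >= upper else "normal" if llr <= lower else "undecided"
    # Posterior P(attack | observed packets) from the prior odds and the accumulated ratio.
    log_odds = llr + math.log(prior_attack / (1 - prior_attack))
    return decision, n, 1.0 / (1.0 + math.exp(-log_odds))

if __name__ == "__main__":
    m = empirical_frequencies(TRAINING)
    print(sequential_classify(m, [("diff", "diff")] * 20))  # stops after 3 packets
```

The number of packets consumed before stopping is the minimum number of observations for the chosen error levels; a flow that ends before either threshold is crossed is reported as undecided rather than forced into a class.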
| Title | Year | Author | Number |
|---|---|---|---|
| METHOD OF DETECTING NETWORK ATTACKS BASED ON ANALYSIS OF TRAFFIC TIME STRUCTURE | 2017 | | RU2680756C1 |
| METHOD FOR DETECTING DESTABILIZING EFFECT ON COMPUTER NETWORK | 2015 | | RU2611243C1 |
| METHOD OF DETECTING NETWORK ATTACKS BASED ON ANALYZING FRACTAL TRAFFIC CHARACTERISTICS IN AN INFORMATION COMPUTER NETWORK | 2019 | | RU2713759C1 |
| METHOD OF COMPUTER NETWORKS PROTECTION | 2018 | | RU2680038C1 |
| METHOD FOR DETECTING NORMAL REACTIONS OF COMPUTER NETWORK NODES TO NETWORK PACKETS RELATED TO UNKNOWN TRAFFIC | 2022 | | RU2802164C1 |
| METHOD OF PROTECTING COMPUTER NETWORKS | 2018 | | RU2690749C1 |
| METHOD OF PROTECTING COMPUTER NETWORKS | 2018 | | RU2696330C1 |
| VOLUME DDOS ATTACKS PROTECTION SYSTEM AND METHOD | 2022 | | RU2791869C1 |
| METHOD OF PROTECTING COMPUTER NETWORKS | 2018 | | RU2686023C1 |
| METHOD FOR DYNAMIC FILTRATION OF INTERNET PROTOCOL DATAGRAMS | 2013 | | RU2580808C2 |
Authors
Dates: Filed 2018-03-16; Published 2019-10-30