FIELD: data processing.
SUBSTANCE: the invention relates to a method of detecting network attacks by analyzing the fractal characteristics of traffic in an information network, where a monitoring means at the network input is configured to receive incoming traffic and process data. The method comprises: setting a time sampling interval, a value of the scaling multiplier, a width of the sliding time window, and a threshold value for the Hurst exponent H; (A) receiving incoming traffic using the monitoring means; filtering the traffic, using the monitoring means, by excluding the headers of lower-layer protocols from the application-level data; calculating, using the monitoring means, the traffic intensity value for each time sampling interval; calculating, for the last three traffic intensity values, scaled traffic intensity values by multiplying each value by the scaling multiplier, and a polyline curvature factor based on the scaled traffic intensity values; calculating the total curvature of the polyline from the curvature values recorded in the sliding window for the last and previous time instants; calculating the value of the geometric fractality index; calculating the Hurst exponent H using the reduced expression; if the calculated value of H is below the threshold value, shifting the sliding time window by one time sampling interval and proceeding to step (A); taking a decision on the presence of a computer attack.
EFFECT: the technical result consists in enabling detection of computer attacks of different types by analyzing, in real time, the fractal characteristics of the intensity of incoming traffic, without preliminary determination of its statistical characteristics.
1 cl, 5 dwg
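The abstract names the steps of the loop but does not give the expressions for the curvature factor, the fractality index or H. As an added illustration (not the patent's own code), the following Python keeps the sliding-window loop and threshold test described above but estimates H with classical rescaled-range (R/S) analysis instead. The function names, the window width of 32, the threshold of 0.8, the sample series, and the reading that an attack is declared when H is not below the threshold are all assumptions.

```python
import math

def rescaled_range(chunk):
    """R/S of one chunk: range of cumulative mean-deviations over their std."""
    n = len(chunk)
    mean = sum(chunk) / n
    cum, lo, hi, sq = 0.0, 0.0, 0.0, 0.0
    for x in chunk:
        d = x - mean
        cum += d
        lo, hi = min(lo, cum), max(hi, cum)
        sq += d * d
    std = math.sqrt(sq / n)
    return (hi - lo) / std if std > 0 else None   # flat chunk: undefined

def hurst_rs(window, min_chunk=8):
    """Estimate H as the log-log slope of mean R/S against chunk size.
    R/S is a stand-in here, not the patent's curvature-based expression."""
    pts = []
    size = min_chunk
    while size <= len(window):
        rs = [rescaled_range(window[i:i + size])
              for i in range(0, len(window) - size + 1, size)]
        rs = [v for v in rs if v]                 # drop undefined values
        if rs:
            pts.append((math.log(size), math.log(sum(rs) / len(rs))))
        size *= 2
    if len(pts) < 2:
        return None                               # too few scales for a slope
    mx = sum(p[0] for p in pts) / len(pts)
    my = sum(p[1] for p in pts) / len(pts)
    num = sum((x - mx) * (y - my) for x, y in pts)
    den = sum((x - mx) ** 2 for x, _ in pts)
    return num / den

def detect(intensity, width=32, threshold=0.8):
    """Shift a `width`-sample window one interval at a time; while H stays
    below the threshold keep going, otherwise report (window end, H)."""
    for end in range(width, len(intensity) + 1):
        h = hurst_rs(intensity[end - width:end])
        if h is not None and h >= threshold:
            return end, h                         # decision: attack present
    return None

# Constructed intensity series (bytes per sampling interval), not real
# traffic: a steady alternating load followed by a sustained ramp.
BASELINE = [1000 + 200 * (i % 2) for i in range(64)]
RAMP = [1200 + 150 * i for i in range(1, 41)]
```

On the constructed series, every window that lies wholly in the alternating baseline yields H = 0, and a window that lies wholly on the ramp yields H close to 1, so `detect(BASELINE + RAMP)` reports only after the ramp begins.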
Title | Year | Author | Number |
---|---|---|---|
METHOD OF DETECTING ANOMALIES IN TRAFFIC OF MAIN INTERNET NETWORKS BASED ON MULTIFRACTAL HEURISTIC ANALYSIS | 2018 | | RU2696296C1 |
METHOD OF DETECTING COMPUTER ATTACKS TO NETWORKED COMPUTER SYSTEM | 2013 | | RU2538292C1 |
METHOD OF DETECTING NETWORK ATTACKS BASED ON ANALYSIS OF TRAFFIC TIME STRUCTURE | 2017 | | RU2680756C1 |
METHOD OF MODELING DAMAGE EVALUATION CAUSED BY NETWORK AND COMPUTER ATTACKS TO VIRTUAL PRIVATE NETWORKS | 2016 | | RU2625045C1 |
METHOD FOR DETECTING ANOMALOUS WORK OF NETWORK SERVER (OPTIONS) | 2016 | | RU2630415C2 |
METHOD OF PROTECTION AGAINST DDOS-ATTACK ON BASIS OF TRAFFIC CLASSIFICATION | 2018 | | RU2704741C2 |
SYSTEM AND METHOD OF TRAFFIC FILTRATION AT DDoS-ATTACK DETECTION | 2017 | | RU2649290C1 |
METHOD OF DETECTING UNAUTHORIZED USE OF NETWORK DEVICES OF LIMITED FUNCTIONALITY FROM A LOCAL NETWORK AND PREVENTING DISTRIBUTED NETWORK ATTACKS FROM THEM | 2018 | | RU2703329C1 |
COMPUTER ATTACKS DETECTION METHOD | 2017 | | RU2683631C1 |
METHOD OF PROTECTING NODES OF VIRTUAL PRIVATE COMMUNICATION NETWORK FROM DDoS-ATTACKS WITH METHOD OF MANAGING QUANTITY OF RENDERED COMMUNICATION SERVICES TO SUBSCRIBERS | 2018 | | RU2675900C1 |
Dates
2020-02-07—Published
2019-05-28—Filed