Statistical Distributions of Partial Correlators of Network Traffic Aggregated Packets for Distinguishing DDoS Attacks

  • Conference paper
Distributed Computer and Communication Networks (DCCN 2019)

Abstract

The limitations of classical spectral-correlation methods of network traffic analysis for detecting and classifying anomalous traffic states are considered, and the prospects are shown for using phase-portrait statistics and statistics in the form of partial correlators of network traffic aggregates, which are suitable for analyzing both stationary and non-stationary signals. These statistics are introduced on the basis of an indirect analogy between the flow of network traffic aggregates and the flow of wave packets of a coherent electromagnetic field. To this end, the numbers of packets that enter the aggregates and carry various flags in their headers are used to form a set of analytic signals, whose real parts correspond to the generalized coordinates of the aggregates and whose imaginary parts, conjugate to them through the Hilbert transform, correspond to their generalized velocities. The analytic signals modulate a coherent electromagnetic field, forming its envelopes; the statistics of these envelopes, in the form of phase portraits and distributions of the values of the partial correlators of the field's wave packets, allow normal and abnormal states of network traffic to be described. Partial correlators are formed by averaging the traffic evolution operator over the flag states of its aggregates, which makes it possible to describe non-stationary fields using distributions of correlator values. The effectiveness of partial correlators for distinguishing complex network attacks (TCP Connection Flood, Slow Loris, HTTP Get Flood) is confirmed by a computational experiment that analyzes the states of real network traffic of a TCP streaming protocol.
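The analytic-signal step of the abstract can be sketched as follows; this is an added example, not the authors' code. It assumes one flag type (SYN), constructed per-window counts, and an FFT-style discrete Hilbert transform; the function names and the `envelope_spread` statistic are choices made for this illustration and do not implement the paper's partial correlators.

```python
import cmath
import math

def dft(x, inverse=False):
    """Plain O(n^2) discrete Fourier transform; adequate for short series."""
    n = len(x)
    sign = 1 if inverse else -1
    out = [sum(x[t] * cmath.exp(sign * 2j * math.pi * k * t / n)
               for t in range(n)) for k in range(n)]
    return [v / n for v in out] if inverse else out

def analytic_signal(counts):
    """z[t] = counts[t] + i*H[counts][t], H = discrete Hilbert transform."""
    n = len(counts)
    # One-sided spectrum: keep DC and Nyquist, double the positive
    # frequencies, zero the negative ones.
    gain = [1.0 if k == 0 or 2 * k == n else 2.0 if k < n / 2 else 0.0
            for k in range(n)]
    return dft([s * g for s, g in zip(dft(counts), gain)], inverse=True)

def phase_portrait(counts):
    """Points (generalized coordinate, generalized velocity) per aggregate."""
    return [(z.real, z.imag) for z in analytic_signal(counts)]

def envelope_spread(counts):
    """Std. deviation of the envelope |z|. Illustrative statistic chosen for
    this example; it is not the paper's partial correlator."""
    env = [abs(z) for z in analytic_signal(counts)]
    mean = sum(env) / len(env)
    return math.sqrt(sum((e - mean) ** 2 for e in env) / len(env))

# Constructed sample data: SYN-flagged packets per aggregate (time window).
NORMAL_SYN = [12, 14, 11, 13, 12, 15, 13, 12, 14, 13, 12, 14, 13, 11, 12, 13]
FLOOD_SYN = [12, 14, 11, 13, 12, 15, 90, 240, 410, 520, 515, 530, 498, 505, 512, 520]

if __name__ == "__main__":
    for name, series in (("normal", NORMAL_SYN), ("flood", FLOOD_SYN)):
        print(name, "envelope spread = %.1f" % envelope_spread(series))
        for coord, vel in phase_portrait(series)[:4]:
            print("   q = %7.1f   p = %7.1f" % (coord, vel))
```

The real part of each portrait point reproduces the input count, so the portrait adds only the Hilbert-conjugate axis to the data a flow collector already has.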

The article was prepared as part of research work on the topic “Automated Intelligent Management Information System (AIMIS) at a digital university. ‘I. Digital Faculty’ ”, funded by Russian State Social University.

Author information

Corresponding author

Correspondence to Andrey Evgenievich Krasnov.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Krasnov, A.E., Nikol’skii, D.N. (2019). Statistical Distributions of Partial Correlators of Network Traffic Aggregated Packets for Distinguishing DDoS Attacks. In: Vishnevskiy, V., Samouylov, K., Kozyrev, D. (eds) Distributed Computer and Communication Networks. DCCN 2019. Lecture Notes in Computer Science, vol 11965. Springer, Cham. https://doi.org/10.1007/978-3-030-36614-8_28

  • DOI: https://doi.org/10.1007/978-3-030-36614-8_28

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-36613-1

  • Online ISBN: 978-3-030-36614-8

  • eBook Packages: Computer Science, Computer Science (R0)
