Abstract
The limitations of classical spectral-correlation methods of network traffic analysis for detecting and classifying its anomalous states are considered, and the promise of phase-portrait statistics and statistics in the form of partial correlators of network traffic aggregates, suitable for analyzing both stationary and non-stationary signals, is shown. These statistics are introduced on the basis of an indirect analogy between the flow of network traffic aggregates and the flow of wave packets of a coherent electromagnetic field. To this end, the numbers of packets that enter the aggregates and carry various flags in their headers are used to form a set of analytic signals, whose real parts correspond to the generalized coordinates of the aggregates and whose imaginary parts, conjugated by the Hilbert transform, correspond to their generalized velocities. The analytic signals modulate a coherent electromagnetic field, forming its envelopes; the statistics of these envelopes, in the form of phase portraits and distributions of the values of the partial correlators of the field's wave packets, allow us to describe normal and abnormal states of network traffic. Partial correlators are formed by averaging the traffic evolution operator over the flag states of its aggregates, which makes it possible to describe non-stationary fields using distributions of correlator values. The effectiveness of partial correlators for distinguishing complex network attacks (TCP Connection Flood, Slow Loris, HTTP Get Flood) is confirmed by a computational experiment that analyzes the states of real network traffic of a TCP streaming protocol.
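The analytic-signal step described in the abstract, as an added illustration that is not the authors' code: per-window counts of packets carrying one flag become the real part, their Hilbert transform becomes the imaginary part, and the resulting points form a phase portrait. It covers only the portrait construction, not the partial correlators; the SYN counts are constructed, and the mean-centring and function names are assumptions.

```python
import cmath
import math

def analytic_signal(x):
    """x + i*H[x], built by zeroing the negative-frequency half of the DFT."""
    n = len(x)
    spectrum = [sum(x[t] * cmath.exp(-2j * math.pi * k * t / n) for t in range(n))
                for k in range(n)]
    weights = [0.0] * n
    weights[0] = 1.0                       # DC term kept once
    for k in range(1, (n + 1) // 2):
        weights[k] = 2.0                   # positive frequencies doubled
    if n % 2 == 0:
        weights[n // 2] = 1.0              # Nyquist term kept once
    return [sum(weights[k] * spectrum[k] * cmath.exp(2j * math.pi * k * t / n)
                for k in range(n)) / n
            for t in range(n)]

def phase_portrait(counts):
    """(coordinate, velocity) points for one flag's per-window packet counts."""
    mean = sum(counts) / len(counts)       # assumption: centre on the series mean
    z = analytic_signal([c - mean for c in counts])
    return [(p.real, p.imag) for p in z]

def mean_envelope(counts):
    """Average radius of the phase portrait, i.e. the mean of |x + i*H[x]|."""
    points = phase_portrait(counts)
    return sum(math.hypot(re, im) for re, im in points) / len(points)

# Constructed SYN-flag packet counts per aggregation window (not data from the paper).
BASELINE = [20, 22, 19, 21, 20, 23, 18, 21, 20, 22, 19, 21, 20, 22, 19, 21]
FLOOD = [20, 22, 19, 21, 60, 140, 260, 380, 420, 400, 390, 410, 405, 395, 400, 410]

if __name__ == "__main__":
    print("baseline mean envelope:", round(mean_envelope(BASELINE), 2))
    print("flood mean envelope:   ", round(mean_envelope(FLOOD), 2))
    for coordinate, velocity in phase_portrait(FLOOD)[:6]:
        print(f"coordinate={coordinate:8.2f}  velocity={velocity:8.2f}")
```

The portrait of the flood series spreads far from the origin while the baseline stays in a tight cluster, which is the kind of separation a phase-portrait statistic is meant to capture.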
The article was prepared as part of research work on the topic “Automated Intelligent Management Information System (AIMIS) at a digital university. ‘I. Digital Faculty’”, funded by Russian State Social University.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Krasnov, A.E., Nikol’skii, D.N. (2019). Statistical Distributions of Partial Correlators of Network Traffic Aggregated Packets for Distinguishing DDoS Attacks. In: Vishnevskiy, V., Samouylov, K., Kozyrev, D. (eds) Distributed Computer and Communication Networks. DCCN 2019. Lecture Notes in Computer Science, vol 11965. Springer, Cham. https://doi.org/10.1007/978-3-030-36614-8_28
DOI: https://doi.org/10.1007/978-3-030-36614-8_28
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-36613-1
Online ISBN: 978-3-030-36614-8
eBook Packages: Computer Science (R0)