A technique for early detection of cyberattacks using the traffic self-similarity property and a statistical approach
2021
The paper discusses a technique for detecting cyberattacks on computer networks. It identifies anomalies in network traffic by assessing the traffic's self-similarity and determines the impact of cyberattacks using statistical methods. The proposed technique has three stages: analysis of the self-similarity property of the reference traffic (using the Dickey-Fuller test, rescaled range analysis, and detrended fluctuation analysis), analysis of the self-similarity property of the real traffic (by the same methods), and additional processing of the time series with statistical methods (moving average, Z-Score, and CUSUM). The paper also considers the software implementation of the proposed approach and the formation of a dataset containing network packets. The experimental results demonstrated the presence of self-similarity in network traffic and confirmed the high efficiency of the proposed method. The technique allows cyberattacks to be detected in real or near real time.
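The statistical stage named in the abstract (Z-Score and CUSUM over a traffic time series, scored against reference traffic) can be illustrated as follows. This is an added example, not the paper's implementation: the packet counts are constructed, and the thresholds (`limit`, `k`, `h`) are assumed values chosen for the illustration. It shows why CUSUM is paired with the per-sample Z-Score: a slow ramp that never crosses the Z-Score limit still accumulates into a CUSUM alarm.

```python
from statistics import mean, pstdev

# Constructed packets-per-second counts (not data from the paper).
REFERENCE = [100, 104, 98, 102, 96, 100, 103, 97]    # attack-free reference traffic
LIVE = REFERENCE + [104, 105, 106, 106, 107, 108]    # slow ramp begins at index 8


def z_scores(series, reference):
    """Standardise live samples against the reference traffic's mean and std."""
    mu, sigma = mean(reference), pstdev(reference)
    return [(x - mu) / sigma for x in series]


def first_zscore_alarm(z, limit=3.0):
    """Index of the first sample whose |z| exceeds the limit, or None."""
    return next((i for i, v in enumerate(z) if abs(v) > limit), None)


def first_cusum_alarm(z, k=0.5, h=5.0):
    """One-sided (upward) CUSUM on z-scores.

    k is the slack subtracted each step (drift smaller than k is ignored),
    h is the decision threshold. Both are assumed values for this example.
    Returns the index of the first alarm, or None.
    """
    s = 0.0
    for i, v in enumerate(z):
        s = max(0.0, s + v - k)   # accumulate only sustained positive deviation
        if s > h:
            return i
    return None


if __name__ == "__main__":
    z = z_scores(LIVE, REFERENCE)
    print("Z-Score alarm index:", first_zscore_alarm(z))
    print("CUSUM alarm index:  ", first_cusum_alarm(z))
```
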