Detection of Anomalies in the Traffic of Information and Telecommunication Networks Based on the Assessment of its Self-Similarity

The prevailing traffic models based on Markov processes have a short-term dependence and, as applied to computer networks, led to an underestimation of the load. Fractal properties of network traffic looks the same with a sufficiently large scale of the time axis, exhibits a long-term dependence, and are more preferable for solving the computer security tasks. The paper presents a method for detecting network traffic anomalies based on the assertion that traffic is a fractal. It is assumed that network traffic is a self-similar structure and is modeled by a fractal Brownian motion. Fractal analysis and mathematical statistics were used as tools in the development of this method. Experimental testing showed a rather high accuracy of the method and its ability to detect network traffic anomalies caused by DoS attacks.