The scientific journal Modeling, Optimization and Information Technology
Online media
ISSN 2310-6018

Statistical algorithm for detecting computer security threats

Miloserdov I.V., Malyshev V.A.

UDC 343.985
DOI: 10.26102/2310-6018/2020.31.4.020


The paper considers the synthesis of a statistical algorithm, constructed in a subclass of discrete-continuous random processes, that is designed to predict and detect the beginning of a DDoS attack by analyzing changes in the intensity of received traffic. To analyze and identify threats to the security of computer networks, there are monitoring systems that focus on analyzing traffic, packets, and protocols. All of these systems are vulnerable. Almost every OSI layer of the target, which may be any type of server or selected applications, is subject to attack, but the first sign of an attack is abnormal behavior of the input traffic. Promising techniques for securing computer networks include methods that detect deviations from changes in the probabilistic parameters of the data. Their essence is to determine changes in the statistical characteristics of data flows. The developed algorithm allows not only detecting a network security threat, but also.
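The abstract does not reproduce the authors' algorithm, so the following is an added illustration, not code from the paper: a recurrent Bayesian filter for a two-state jump process (normal or attack) observed through per-second packet counts. The Poisson traffic model, the intensities, the jump probabilities and the sample trace are all assumptions made for the example.

```python
import math

def poisson_logpmf(k, lam):
    """Log-probability of observing k packets in one interval at intensity lam."""
    return k * math.log(lam) - lam - math.lgamma(k + 1)

def attack_posterior(counts, lam_normal, lam_attack,
                     p_start=0.01, p_stop=0.05, prior=0.0):
    """Recursively compute P(attack state | counts seen so far).

    The discrete part of the process is the hidden state, which jumps
    normal -> attack with probability p_start and attack -> normal with
    probability p_stop per interval (assumed values). The observed part
    is the packet count, Poisson with a state-dependent intensity.
    """
    p, history = prior, []
    for k in counts:
        # Prediction step: let the hidden state jump.
        pred = p * (1.0 - p_stop) + (1.0 - p) * p_start
        # Correction step: weigh both hypotheses by their likelihood,
        # shifting by the larger log-likelihood for numerical stability.
        log_a = poisson_logpmf(k, lam_attack)
        log_n = poisson_logpmf(k, lam_normal)
        shift = max(log_a, log_n)
        w_a = pred * math.exp(log_a - shift)
        w_n = (1.0 - pred) * math.exp(log_n - shift)
        p = w_a / (w_a + w_n)
        history.append(p)
    return history

def first_alarm(posteriors, threshold=0.99):
    """Index of the first interval whose posterior crosses the threshold."""
    for i, p in enumerate(posteriors):
        if p >= threshold:
            return i
    return None

# Constructed sample trace (packets per second): steady near 100,
# then the intensity starts climbing at index 8.
SAMPLE = [98, 104, 101, 95, 110, 99, 103, 97, 140, 165, 190, 230, 260]

if __name__ == "__main__":
    post = attack_posterior(SAMPLE, lam_normal=100, lam_attack=200)
    for k, p in zip(SAMPLE, post):
        print(f"{k:4d}  P(attack)={p:.6f}")
    print("first alarm at index", first_alarm(post))
```

Ordinary fluctuation (the 110 at index 4) leaves the posterior negligible, and the alarm fires one interval after the ramp begins, once the count clears the point where the two intensities are equally likely.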


Miloserdov Igor Vasilievich
Doctor of Technical Sciences, Professor
Email: ig.milos@yandex.ru

Saint Petersburg Institute of Informatics and Automation of the Russian Academy of Sciences

Saint Petersburg, Russian Federation

Malyshev Vladimir Alexandrovich
Doctor of Technical Sciences, Professor
Email: vamalyshev@list.ru

MESC AF «Air Force Academy named after prof. N.E. Zhukovsky and Y.A. Gagarin»

Voronezh, Russian Federation

Keywords: computer network, security threat, discrete-continuous random processes, security monitoring, recurrent algorithm

For citation: Miloserdov I.V. Malyshev V.A. Statistical algorithm for detecting computer security threats. Modeling, Optimization and Information Technology. 2020;8(4). Available from: https://moitvivt.ru/ru/journal/pdf?id=866 DOI: 10.26102/2310-6018/2020.31.4.020 (In Russ).
