Izvestiya of Saratov University.

Mathematics. Mechanics. Informatics

ISSN 1816-9791 (Print)
ISSN 2541-9005 (Online)


For citation:

Sagatov E. S., Sukhov A. M., Azhmyakov V. V. Detection of sources of network attacks based on the data sampling. Izvestiya of Saratov University. Mathematics. Mechanics. Informatics, 2024, vol. 24, iss. 3, pp. 452-462. DOI: 10.18500/1816-9791-2024-24-3-452-462, EDN: OSEMWU

This is an open access article distributed under the terms of the Creative Commons Attribution 4.0 International License (CC-BY 4.0).
Published online: 30.08.2024
Language: English
Article type: Article
UDC: 004.7
EDN: OSEMWU

Detection of sources of network attacks based on the data sampling

Authors:
Sagatov Evgeny S., Sevastopol State University
Sukhov Andrei Mikhailovich, Sevastopol State University
Azhmyakov Vadim V., Sevastopol State University
Abstract:

This article defines the rules for finding the threshold values of the main network variables used to detect network intrusions under conditions of limited data sampling. sFlow operates on a limited sample of packets: typically one packet in 50 is analyzed, but the sampling rate can reach one in 5000. The main conclusion is that the product of the threshold value and the sampling resolution remains constant. The article defines the maximum resolution at which an attack with a given threshold can still be detected. This hypothesis was tested against the experimental data and, allowing for experimental error, confirmed.
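As an added worked example (not code from the article; the per-packet independent-sampling model and the minimum-sampled-packets criterion used for the maximum resolution are my assumptions), the following Python scales a full-resolution threshold T by the sFlow sampling resolution N so that the product (T/N)·N stays constant, and shows how the probability of a source crossing the scaled threshold changes with N for a constructed attacking source and a constructed benign one:

```python
import math

# Sampling resolution N means one packet in N is exported (sFlow: N from 50 up to 5000).
# Threshold T is a per-source packet count per interval measured at full resolution.

def sampled_threshold(full_threshold: float, resolution: int) -> float:
    """Threshold to apply to sampled counts; its product with N is the constant T."""
    return full_threshold / resolution

def max_resolution(full_threshold: float, min_sampled_packets: int) -> int:
    """Largest N at which the scaled threshold still corresponds to at least
    min_sampled_packets (assumed criterion, not the article's definition)."""
    return int(full_threshold // min_sampled_packets)

def binomial_tail(n: int, p: float, m: int) -> float:
    """P(X >= m) for X ~ Binomial(n, p), computed as 1 - P(X < m) with log-space
    terms so that large n does not overflow the float range."""
    if m <= 0:
        return 1.0
    if m > n:
        return 0.0
    log_p, log_q = math.log(p), math.log1p(-p)
    lower = 0.0
    for k in range(m):
        log_pmf = (math.lgamma(n + 1) - math.lgamma(k + 1) - math.lgamma(n - k + 1)
                   + k * log_p + (n - k) * log_q)
        lower += math.exp(log_pmf)
    return max(0.0, 1.0 - lower)

def alarm_probability(packets: int, resolution: int, full_threshold: float) -> float:
    """Probability that a source sending `packets` in the interval has at least
    ceil(T/N) of them sampled, i.e. crosses the scaled threshold. Each packet is
    assumed to be sampled independently with probability 1/N."""
    needed = math.ceil(sampled_threshold(full_threshold, resolution))
    return binomial_tail(packets, 1.0 / resolution, needed)

if __name__ == "__main__":
    T = 5000                          # constructed threshold: packets per source per interval
    attacker, benign = 10000, 2000    # constructed per-interval packet counts
    for N in (50, 500, 5000):
        print(f"N={N:5d} T/N={sampled_threshold(T, N):6.1f} "
              f"P(detect attacker)={alarm_probability(attacker, N, T):.4f} "
              f"P(false alarm benign)={alarm_probability(benign, N, T):.4f}")
    print("max resolution for >=10 sampled packets:", max_resolution(T, 10))
```

At N=50 the attacker is detected with near certainty and the benign source essentially never alarms, while at N=5000 the scaled threshold is a single sampled packet, so detection drops to about 0.86 and the benign source alarms about a third of the time; this is why a maximum usable resolution exists for a given T.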

Acknowledgments: 
The authors acknowledge Sevastopol State University (SevSU) for the Research Grant 42-01-09/253/2022-1.
Received: 21.03.2023
Accepted: 29.05.2023
Published: 30.08.2024