Метод та програмні засоби виявлення кібератаки типу r.u.d.y. на основі використання алгоритму визначення самоподібності трафіку
Вантажиться...
Файли
Дата
2019
Автори
Лисенко, С.М.
Ткачук, В.А.
Lysenko, S.
Tkachuk, V.
Назва журналу
Номер ISSN
Назва тому
Видавець
Хмельницький національний університет
Анотація
В роботі представлено метод виявлення DoS-атаки типу R.U.D.Y. на основі використання алгоритму
визначення самоподібності мережевого трафіку. Використання запропонованого методу дозволяє здійснювати
виявлення DoS-атаки на прикладному рівні моделі OSI. Запропонований метод може бути основою для побудови
програмного забезпечення систем виявлення кібератак.
Antivirus software using signature-based technologies can not normally detect harmful zero-day software, since such new signatures are not available for newly created malware. An analysis of known methods to combat cyberattacks shows their lack of efficiency, so building a new method for detecting cyber-threats is an extremely urgent task. The article presents a new method for detecting a DoS-attack type R.U.D.Y. using the algorithm to determine the self-similarity of network traffic. In the enlarged version of the presentation of the algorithm, the method consists of two parts: the study of the neural network of previously received data about harmful traffic and the analysis of the received network traffic to form conclusions about the possible detection of cyber attacks. Moreover, in order to improve the efficiency of the method, it is expedient to implement the first part before the actual monitoring of network traffic, as the training of the neural network requires a certain amount of time during which the received harmful traffic can be analysed with insufficient efficiency. As the approach uses the neural networks there are several factors, which can predict prediction accuracy. One of them is the diversity of training samples Most conspicuously, that not all possible feature vectors, that describe different cyberattacks, are adequately represented in the training set. Thus, system can be further improved by choosing more than a few malicious samples for each attack classes. The described method makes it possible to detect harmful streams of data packets among ordinary, and continuous monitoring of certain malicious flows makes it possible to detect an attacker and allows to isolate the usual network data stream from the harmful one. In the enlarged version of the presentation of the algorithm, the method consists of two parts: the study of the neural network of previously received data about harmful traffic and the analysis of the received network traffic to form conclusions about the possible detection of cyber attacks.
Antivirus software using signature-based technologies can not normally detect harmful zero-day software, since such new signatures are not available for newly created malware. An analysis of known methods to combat cyberattacks shows their lack of efficiency, so building a new method for detecting cyber-threats is an extremely urgent task. The article presents a new method for detecting a DoS-attack type R.U.D.Y. using the algorithm to determine the self-similarity of network traffic. In the enlarged version of the presentation of the algorithm, the method consists of two parts: the study of the neural network of previously received data about harmful traffic and the analysis of the received network traffic to form conclusions about the possible detection of cyber attacks. Moreover, in order to improve the efficiency of the method, it is expedient to implement the first part before the actual monitoring of network traffic, as the training of the neural network requires a certain amount of time during which the received harmful traffic can be analysed with insufficient efficiency. As the approach uses the neural networks there are several factors, which can predict prediction accuracy. One of them is the diversity of training samples Most conspicuously, that not all possible feature vectors, that describe different cyberattacks, are adequately represented in the training set. Thus, system can be further improved by choosing more than a few malicious samples for each attack classes. The described method makes it possible to detect harmful streams of data packets among ordinary, and continuous monitoring of certain malicious flows makes it possible to detect an attacker and allows to isolate the usual network data stream from the harmful one. In the enlarged version of the presentation of the algorithm, the method consists of two parts: the study of the neural network of previously received data about harmful traffic and the analysis of the received network traffic to form conclusions about the possible detection of cyber attacks.
Опис
Ключові слова
DoS-атака, R.U.D.Y., R-U-Dead-Yet, виявлення кібератак, показник Херста, самоподібність трафіку, DoS-attack, R.U.D.Y., R-U-Dead-Yet, cyberattacks detection, Hurst exponent, traffic self-similarity
Бібліографічний опис
Лисенко, С.М. Метод та програмні засоби виявлення кібератаки типу R.U.D.Y. на основі використання алгоритму визначення самоподібності трафіку [Текст] / С. М. Лисенко, В. А. Ткачук // Вісник Хмельницького національного університету. Технічні науки. – 2019. – №3. – C. 180-187.