Research on Method of Network Abnormal Detection Based on Hurst Parameter Estimation

Xia, Hongbin; Xu, Wenbo

doi:10.1109/csse.2008.1069

Cited by 5 publications

(2 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The change in self-similarity occurs during the transition from normal traffic to one containing attacks. The Hust exponent was used to identify a DDoS attack in [16][17][18]. A comparison of average Hurst exponent values between standard and attacking traffic can be found in [19].…”

Section: Related Workmentioning

confidence: 99%

Machine Recognition of DDoS Attacks Using Statistical Parameters

Smiesko,

Segec,

Kontsek

2023

Mathematics

View full text Add to dashboard Cite

As part of the research in the recently ended project SANET II, we were trying to create a new machine-learning system without a teacher. This system was designed to recognize DDoS attacks in real time, based on adaptation to real-time arbitrary traffic and with the ability to be embedded into the hardware implementation of network probes. The reason for considering this goal was our hands-on experience with the high-speed SANET network, which interconnects Slovak universities and high schools and also provides a connection to the Internet. Similar to any other public-facing infrastructure, it is often the target of DDoS attacks. In this article, we are extending our previous research, mainly by dealing with the use of various statistical parameters for DDoS attack detection. We tested the coefficients of Variation, Kurtosis, Skewness, Autoregression, Correlation, Hurst exponent, and Kullback–Leibler Divergence estimates on traffic captures of different types of DDoS attacks. For early machine recognition of the attack, we have proposed several detection functions that use the response of the investigated statistical parameters to the start of a DDoS attack. The proposed detection methods are easily implementable for monitoring actual IP traffic.

show abstract

Section: Related Workmentioning

confidence: 99%

Machine Recognition of DDoS Attacks Using Statistical Parameters

Smiesko,

Segec,

Kontsek

2023

Mathematics

View full text Add to dashboard Cite

show abstract

“…The authors in [13] compared the average Hurst values of normal and offensive traffic. The suitability of using the Hurst coefficient is also discussed in [14].…”

Section: Related Workmentioning

confidence: 99%

One-Parameter Statistical Methods to Recognize DDoS Attacks

et al. 2022

View full text Add to dashboard Cite

Within our academic high-speed network infrastructure which is used for connecting all universities and high schools in our country to the Internet, there are thousands of cybersecurity attacks occurring every day. That is why, within our SANET II project, an effort has been made to create a self-learning system without a teacher, which would be able to quickly adapt to arbitrary traffic and recognize DDoS attacks on time, even in high-speed networks, with a potential simple implementation into a hardware probe. In the article, we deal with the Hurst and autoregression coefficients and the coefficient of variation. We test the coefficients on simulated data and on real records of attacks. For early machine recognition of the attack, we propose the so-called predicting σ-tunnel. The obtained results can lead to the investigation of other prediction methods that would improve the early recognition of an attack.

show abstract

Real-time anomaly traffic monitoring based on dynamic k-NN cumulative-distance abnormal detection algorithm

Song

Liu

2014

2014 IEEE 3rd International Conference on Cloud Computing and Intelligence Systems

View full text Add to dashboard Cite

Research on Method of Network Abnormal Detection Based on Hurst Parameter Estimation

Cited by 5 publications

References 2 publications

Machine Recognition of DDoS Attacks Using Statistical Parameters

Machine Recognition of DDoS Attacks Using Statistical Parameters

One-Parameter Statistical Methods to Recognize DDoS Attacks

Real-time anomaly traffic monitoring based on dynamic k-NN cumulative-distance abnormal detection algorithm

Contact Info

Product

Resources

About