DETECTION OF DOS ATTACKS IN NETWORK TRAFFIC BY WAVELET TRANSFORM

Authors

  • B. V. PETRIK
  • V. I. DUBROVIN

DOI:

https://doi.org/10.32782/KNTU2618-0340/2021.4.1.20

Keywords:

DoS attack, wavelet transform, detection threshold, noise reduction, network traffic, wavelet function, Mallat algorithm

Abstract

Purpose. Network intrusions and attacks are becoming an increasingly critical problem, as data from cybersecurity analytical agencies show. In the 21st century, almost no organization is 100% protected. Even organizations with advanced security technologies may have bottlenecks in key elements, because attackers understand the known security technologies. In such situations, using other detection methods can be key to defending against a network attack. There are many methods for checking the level of security: analyzing the security of systems and applications, penetration testing, assessing personnel awareness of information security issues, etc. However, because of constant changes in technology and the emergence of new tools and criminal groups, new types of risk are emerging that are difficult to detect using traditional methods of security analysis. Against this background, the most advanced and progressive method of security testing, based on signal transformations and the study of incoming traffic, can change the level of network reliability.

Methods. Cyberattacks in various formats, especially well-known ones, require continuous assessment of the security of information systems. The data obtained must be studied by specialists for further use. Wavelet transforms can be considered one of the most promising data mining methods, both progressive and in-depth. The wavelet transform algorithm should be used to analyze discrete data. This is important when high-speed information processing and analysis are required, which is relevant to the problem of protecting the Internet.

Results. Wavelet transform algorithms are analyzed both for cleaning incoming traffic of noise and for detecting network anomalies. The main stages of applying and implementing a detection system that uses threshold values of wavelet coefficients to detect network attacks and anomalies are considered in detail.

Scientific novelty. A detection model has been developed in accordance with an effective wavelet transform algorithm; it comprehensively takes into account the current state of the network and notifies of the risk of adverse events.

Practical meaning. By considering network attacks such as DoS attacks and practical responses to possible attacks, the use of the wavelet transform for security can increase a system's protection by detecting otherwise undetected threats. To stop cybercriminals in the early stages of an attack and prevent material damage to the business, attention should be paid to this particular data mining method.

Published

2023-08-09