EARLY DETECTION AND DEFENSE METHODS FOR VARIABLE DDOS ATTACKS BASED ON PACKET GROUP PROCESSING ANALYSIS
DOI: 10.31673/2786-8362.2024.027035
https://doi.org/10.31673/2786-8362.2024.027035

Abstract
This paper proposes a method for early detection and defense
of variable DDoS attacks based on packet group processing analysis. The method combines real-time traffic
analysis and machine learning to detect anomalies in network data behavior. This enables a quick response
to changes in the attack vector and guarantees the stability and security of the information system. The
effectiveness of the method is confirmed by experimental studies that demonstrate the accuracy of detection
and minimization of delays in network operations. The method is based on dividing network traffic into
groups of packets and analyzing each group with regard to its statistical, temporal and behavioral
characteristics. Particular attention is paid to the use of machine learning algorithms to detect deviations in
traffic patterns characteristic of DDoS attacks. The proposed approach makes it possible to detect the signs
of an attack at an early stage, before the impact of the attack becomes fatal for the infrastructure. This paper
describes an algorithm for processing packet swarms that takes into account the variability of attacks and
adapts to new attacker methods. The computational efficiency of the method is also discussed, which is
important to ensure its practical application on heavily loaded systems. To evaluate the effectiveness of the
method, a series of experiments was performed on real and synthetic datasets, achieving high attack
detection accuracy (>95%) and a low level of false positives. The application of the developed method not
only provides effective protection against the latest DDoS attacks, but also minimizes the risk of financial
loss and reputational damage associated with their consequences. The research results can be integrated
into existing defense systems to increase their adaptability and resilience to cyber threats.
Keywords: DDoS attacks, traffic analysis, packet swarm processing, network protection, machine
learning, cyber security, early detection
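As an added, runnable illustration of the packet-group idea described in the abstract (this is not the authors' code or their algorithm): packets are bucketed into fixed time windows, each window is reduced to statistical, temporal and behavioral features, and a baseline learned from benign windows is used to flag deviating ones. The feature set, the per-feature z-score detector standing in for the paper's machine-learning component, the threshold of 4.0 and the synthetic traffic are all constructed assumptions.

```python
"""Added illustration (not the paper's code): split captured packets into
fixed time windows, compute per-window statistical/temporal/behavioural
features, and flag windows whose features deviate from a learned baseline.
Feature set, threshold and the synthetic traffic are constructed here."""
from collections import Counter
from dataclasses import dataclass
import math
import random
import statistics


@dataclass
class Packet:
    ts: float       # arrival time in seconds
    src: str        # source IP address
    dst_port: int   # destination port
    size: int       # frame size in bytes
    syn: bool       # TCP SYN flag set


def group_packets(packets, window=1.0):
    """Bucket packets into consecutive windows of `window` seconds (absolute time)."""
    buckets = {}
    for p in packets:
        buckets.setdefault(int(p.ts // window), []).append(p)
    return [buckets[k] for k in sorted(buckets)]


def entropy_bits(counter):
    """Shannon entropy of a frequency distribution, in bits."""
    total = sum(counter.values())
    return -sum(c / total * math.log2(c / total) for c in counter.values())


def group_features(group, window=1.0):
    """Statistical (rate, size), temporal (inter-arrival) and behavioural
    (source diversity, SYN share) descriptors of one packet group."""
    n = len(group)
    gaps = [b.ts - a.ts for a, b in zip(group, group[1:])]
    return {
        "rate": n / window,
        "src_entropy": entropy_bits(Counter(p.src for p in group)),
        "syn_ratio": sum(p.syn for p in group) / n,
        "mean_size": statistics.fmean(p.size for p in group),
        "mean_gap": statistics.fmean(gaps) if gaps else window,
    }


class ZScoreDetector:
    """Per-feature z-score against a baseline learned from benign windows.
    A constructed stand-in for the paper's ML stage; any per-window model fits here."""

    def __init__(self, threshold=4.0):
        self.threshold = threshold
        self.baseline = {}

    def fit(self, rows):
        for key in rows[0]:
            values = [r[key] for r in rows]
            # floor the spread so a constant feature cannot divide by zero
            self.baseline[key] = (statistics.fmean(values),
                                  max(statistics.pstdev(values), 1e-9))

    def score(self, row):
        return max(abs(row[k] - mean) / std for k, (mean, std) in self.baseline.items())

    def is_anomalous(self, row):
        return self.score(row) > self.threshold


def synth_traffic(seed=7, benign_seconds=30.0, flood_seconds=5.0):
    """Constructed sample: Poisson benign traffic from a small client pool,
    followed by a high-rate burst of small SYN packets from many sources."""
    rng = random.Random(seed)
    pkts, t = [], 0.0
    while t < benign_seconds:
        t += rng.expovariate(100)
        pkts.append(Packet(t, f"10.0.0.{rng.randint(1, 30)}", 443,
                           rng.randint(200, 1400), rng.random() < 0.2))
    while t < benign_seconds + flood_seconds:
        t += rng.expovariate(2000)
        pkts.append(Packet(t, f"198.51.100.{rng.randint(1, 254)}", 443, 60, True))
    return pkts


def run_detection(packets, train_windows=30, window=1.0):
    """Learn the baseline on the first `train_windows` groups, then score every group.
    Returns (window_index, max |z|, flagged) per group."""
    rows = [group_features(g, window) for g in group_packets(packets, window)]
    detector = ZScoreDetector()
    detector.fit(rows[:train_windows])
    return [(i, round(detector.score(r), 2), detector.is_anomalous(r))
            for i, r in enumerate(rows)]


if __name__ == "__main__":
    for idx, score, flagged in run_detection(synth_traffic()):
        print(f"window {idx:2d}  max|z|={score:8.2f}  {'ATTACK' if flagged else 'ok'}")
```

Because the score is computed per window as soon as the window closes, the first flood window is flagged one window length after the burst begins, which is the early-detection property the abstract is after; the window length therefore trades detection latency against feature stability.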