Revealing of Informative Multifractal Properties of Network Traffic for Anomalies Detection. Y.N. Bardachev, A.A. Didyk

Abstract. This paper considers the use of the multifractal formalism to analyse the structure of network traffic in order to reveal anomalies. Multifractal spectra of normal traffic and of abnormal traffic (in the presence of some kinds of network attacks) are presented. It is shown that the multifractal spectra of the two kinds of traffic differ considerably, which makes it possible to detect abnormal activity in computer systems in a timely manner. Using this approach in intrusion detection systems will make it possible to raise the level of information security of computer systems considerably.

Keywords. Network traffic, anomalies detection, multifractals, multifractal spectrum.


Last modified by Gleb on 10/29/09 03:08:45 (3 years ago)