O.I. Sheluhin - Dr.Sc (Eng.), Professor, Head of Department of Information Security and Automation, Moscow Technical Univercity of Communication and Informatics. E-mail: sheluhin@mail.ru A.V. Pankrushin - Post-graduate Student, Head of Department of Information Security and Automation, Moscow Technical Univercity of Communication and Informatics E-mail: a.v.pankrushin@gmail.com

In this paper we propose the method for traffic anomaly bursts online detection using multifractal methods. Method stands on current measurement of fractal properties using sliding window and multiresolution wavelet analysis. Traffic\'s fractal properties are measured by Hurst parameter. Multireslotion wavelet analysis is carried out with using of discrete wavelet transform of scaling processes. As a result, network traffic translates into time-frequency space where it could be variously analyzed. Therefore, wavelet transform could be shown as a sort of concurrent observation of time sequences of all durations on different scales. It has been shown, that in practical use of proposed procedure of estimation of Hurst parameter, lower boundary of scaling should be determined. To choose the interval of scaling it better to use algorithm of auto determination of scaling\'s lower boundary. By the value of lower boundary we can judge about the placement of boundary between short range and long range correlations in test data. Relations for measurement of fractal dimension for current placement of analysis window that were obtained in experiment, are generalization of known results for online case and allow us to calculate current estimate of Hurst parameter instead of it steady value. Because in the task of sliding window detection the amount of analyzed sequence limits the number of decomposition levels octaves,the task of detection is considered for different types of maternal wavelets. We provide tips for maternal wavelet type choice and for size of analysis window. We have shown the efficiency of algorithms that are fair for the case with sufficiently common conditions in Gaussian approximation that allow us to detect anomaly bursts of traffic. We provide the extension of obtained with results of Hurst parameter monofractal wavelet measurement for multifractal case. We had performed comparative analysis of the accuracy of traffic anomaly bursts detection with the example of anomaly caused by SYN-flood attack that is called Neptune and using different kinds of wavelets.

 

1. SHelukhin O.I., Sakalema D.ZH., Filinova A.S. Obnaruzhenie vtorzhenijj v kompjuternye seti. Setevye anomalii. M: Gorjachaja linija - telekom. 2013. 220 s.
2. SHelukhin O.I. Multifraktaly. Informacionnye prilozhenija. M: Gorjachaja linija - Telekom. 2011. 314 s.
3. Avry P., Veitch D. Wavelet analysis of long-range dependent traffic // IEEE Trans. on Info. Theory.1998.V. 44. № 1. R. 2-15.
4. AvryP., Taqqu M.S., Flandrin P., VeitchD. Wavelets for the analysis, estimation, and synthesis of scaling data / in Park K., Willinger W. (Eds.) Self-similar Network Traffic and Performance Evaluation. John Wiley & Sons. 2000.R. 39-88.
5. SHelukhin O.I. Pankrushin A.V.Ocenka dostovernosti obnaruzhenija anomalijj setevogo trafika metodami diskretnogo vejjvlet-analiza // T-Somm. 2013. № 10. S. 110-115.
6. Sheluhin O.I., Pankrushin A.V. Measuring of Reliability of Network Anomalies Detection Using Methods of Discrete Wavelet Analysis // Science and Information (SAI). Conference 2013. London, UK. R.393-397.
7. Veitch D., Avry P. A wavelet based joint estimator of the parameters of long-range dependence // IEEE Transactions on Information Theory (special issue on Multiscale statistical signal analysis and its applications). 1999.V. 45. № 3. R. 878-897.
8. Veitch D., AvryP.P., Flandrin P., Chainais P. Infinitely divisible cascade analysis of network traffic data, in Proceedings of the International Conference on Acoustics, Speech, and Signal Processing (Istanbul, Turkey). June 2000.
9. Sheluhin O.I., Smolskiy S.M., Osin A.V. Self-similar processes in telecommunications. 2007. JohnWiley & Sons. 320 p.
10. Malla S. Vejjvlety v obrabotke signalov: Per. s angl. M.: Mir. 2005. 671 s.
11. SHelukhin O.I. Antonjan A.A. Analiz izmenenijj fraktalnykh svojjstv telekommunikacionnogo trafika vyzvannykh anomalnymi vtorzhenijami // T-Somm. 2014. № 6. S. 61-64.