MINAEV Yu.N., FILIMONOVA O.Yu., MINAEVA Yu.I.
ABSTRACT
The paper addresses the identification of anomalous conditions in computer system traffic based on its representation as a multivariate time series, whose component-wise and packet-wise structuring yields hierarchically structured features of the data flow that are subsequently used for identification. The applicability of p-adic models to traffic analysis, using the preceding data flow as a dynamic pattern of conditions, is shown. Examples demonstrating the efficiency of the proposed methodology are presented.
KEYWORDS
multidimensional traffic, data mining, packet, traffic component, p-adic model, binary tree, fractal dimension, fractal number.