One-Parameter Statistical Methods to Recognize DDoS Attacks

Abstract

Within our academic high-speed network infrastructure which is used for connecting all universities and high schools in our country to the Internet, there are thousands of cybersecurity attacks occurring every day. That is why, within our SANET II project, an effort has been made to create a self-learning system without a teacher, which would be able to quickly adapt to arbitrary traffic and recognize DDoS attacks on time, even in high-speed networks, with a potential simple implementation into a hardware probe. In the article, we deal with the Hurst and autoregression coefficients and the coefficient of variation. We test the coefficients on simulated data and on real records of attacks. For early machine recognition of the attack, we propose the so-called predicting (Formula presented.) -tunnel. The obtained results can lead to the investigation of other prediction methods that would improve the early recognition of an attack.