
Estimation of the Multifractal Spectrum Characteristics of Fractal Dimension of Network Traffic and Computer Attacks in IoT
https://doi.org/10.31854/1813-324X-2024-10-3-104-115
EDN: KIRCNK
Abstract
Relevance. Changes in the fractal dimension of network traffic can serve as an indicator of attacks or anomalous activity. Fractal analysis allows to identify changes in the temporal structure of traffic and signal possible threats. The self-similarity observed over wide time scales indicates the multifractal nature of the anomalies, which requires further study. Thus, the development of methods for detecting and classifying cyber attacks using multifractal analysis is an urgent task to improve information security.
The aim of the article. Increasing the efficiency of detection and classification of computer attacks in IoT networks using machine learning methods by expanding the number of attributes characterizing the parameters of the multifractal spectrum of fractal dimension.
Research methods: discrete wavelet analysis, multifractal analysis, machine learning, software implementation of a combined multiclass classification method in conjunction with fractal analysis methods.
Results. A methodology has been developed for assessing the characteristics of the multifractal spectrum of the fractal dimension of traffic using a sequence of current estimates of the fractal dimension in an analysis window of a fixed length depending on the resolution interval (sampling time). The analytical results of experimental assessments of multifractal analysis of processed processes in IoT networks are presented. The informational significance of additional attributes of computer attacks and normal traffic is assessed for the case of binary and multi-class classification using the Gini index for two cases: without adding a multifractal spectrum of fractal dimension and with the addition of a multifractal spectrum of fractal dimension. It has been shown that the main concentration of the most significant attributes falls on the sampling interval of 500 ms...1.5 s.
Novelty. The concept of a multifractal spectrum of fractal dimension is introduced in the form of a sequence of current estimates of the fractal dimension in an analysis window of a fixed length depending on the resolution interval.
Practical significance. The presented method for estimating the parameters of a multifractal spectrum of fractal dimension is universal and can be applied in various information systems.
About the Authors
O. I. SheluhinRussian Federation
S. Y. Rybakov
Russian Federation
A. V. Vanyushina
Russian Federation
References
1. Park K., Willinger W. Self-Similar Network Traffic: An Overview. In: Self-Similar Network Traffic and Performance Evaluation. John Wiley & Sons, 2000. DOI:10.1002/047120644X.ch1
2. Sheluhin O.I., Osin A.V., Smolskiy S.M. Self-Similarity and Fractals. Telecommunication Applications. Moscow: Fizmatlit Publ.; 2008. 362 p. (in Russ.) EDN:MVSWAB
3. Sheluhin O., Smolskiy S., Osin A. Self-Similar Processes in Telecommunications. John Wiley & Sons, 2007. 334 p.
4. Sheluhin O.I. Network Anomalies. Detection, Localization, Forecasting. Moscow: Goryachaya liniya –Telekom Publ.; 2019. 448 p. (in Russ.)
5. Sheluhin O., Kazhemskiy M. Influence Of Fractal Dimension Statistical Charachteristics On Quality Of Network Attacks Binary Classification. Proceedings of the 28th Conference of Open Innovations Association, FRUCT, 27‒29 January 2021, Moscow, Russia, vol.28. IEEE; 2021. p.407‒413. DOI:10.23919/FRUCT50888.2021.9347600. EDN:XMLZKW
6. Sheluhin O.I., Rybakov S.Y., Vanyushina A.V. Detection of Network Anomalies with the Method of Fixing Jumps of the Fractal Dimension in the Online Mode. Proceedings of the 28th Conference at Wave Electronics and Its Application in Information and Telecommunication Systems, WECONF, 30 May 2022 ‒ 03 June 2022, St. Petersburg, Russia. vol.5. IEEE; 2022. p.430‒435. DOI:10.1109/WECONF55058.2022.9803635. EDN:UEYFUM
7. Sheluhin O.I., Rybakov S.Yu., Vanyushina A.V. Influence of fractal dimension on quality classification of computer attacks by machine learning methods. H&ES Reserch. 2023;15(1):57‒64. (in Russ.) DOI:10.36724/2409-5419-2023-15-1-57-64. EDN:EVELAW
8. Kotenko I., Saenko I., Lauta O., Kribel A. The method of early detection of cyber attacks based on the integration of fractal analysis and statistical methods. Pervaya milya. 2021;6(98):64‒71. DOI:10.22184/2070-8963.2021.98.6.64.70. EDN:KRIUAD
9. Perov R.A., Lauta O.S., Kribel A.M., Fedulov Yu.M. A comprehensive technique for detecting cyber attacks based on the integration of fractal analysis and statistical methods. H&ES Reserch. 2022;14(2):44‒51. (in Russ.) DOI:10.36724/2409-5419-2022-14-2-44-51. EDN:ELALFA
10. Kotenko I., Saenko I., Lauta O., Kribel A. Anomaly and cyber attack detection technique based on the integration of fractal analysis and machine learning methods. Informatics and Automation. 2022;6(21):1328–1358. (in Russ.) DOI:10.15622/ ia.21.6.9. EDN:IWILXQ
11. Karachanskaya E.V., Sosedova N.I. Method for detection of network traffic anomalies which is based on its self-similar traffic structure. Bezopasnost informacionnyh tehnology. 2019;26(1):98‒110. (in Russ.) EDN: YZELNB
12. Vieira F.H.T., Bianchi G.R., Lee L.L. A Network Traffic Prediction Approach Based on Multifractal Modeling. Journal of High Speed Networks. 2010;17(2):83–96. DOI:10.3233/JHS-2010-0334
13. Zegzhda P.D., Lavrova D.S., Shtyrkina A.A. Multifractal Analysis of Backbone Network Traffic for Denial-of-Service At-tacks Detection. Information Security Problems. Computer Systems. 2018;2:48–58. (in Russ.) EDN:XTKTFZ
14. Lavrova D.S., Zegzhda D.P., Zegzhda P.D., Shtyrkina A.A. Assessment of cyber resilience of information technology systems based on self-similarity. Proceedings of the 25th Scientific and Technical Conference on Methods and Technical Means of Ensuring Information Security. St Petersburg: Peter the Great St. Petersburg Polytechnic University Publ.; 2016. p.101–104.
15. (in Russ.) EDN:YPUWMH
16. Shtyrkina A.A. Zegzhda P.D., Lavrova D.S. Detecting anomalies in Internet backbone traffic using multifractal analysis. Proceedings of the 27th Scientific and Technical Conference on Methods and Technical Means of Ensuring Information Security. St Petersburg: Peter the Great St. Petersburg Polytechnic University Publ.; 2018. p.14–15. (in Russ.) EDN:YPUXQD
17. Sheluhin O.I., Pankrushin A.V. Detection of Anomalies in Real Time Using the Methods of Multifractal Analysis. Non-linear World. 2016;14(2):72‒82. (in Russ.) EDN:VTZNTH
18. Sheluhin O.I., Lukin I.Y. Network Traffic Anomalies Detection Using a Fixing Method of Multifractal Dimension Jumps in a Real-Time Mode. Automatic Control and Computer Sciences. 2018;52(5):421‒430. DOI:10.3103/S0146411618050115. EDN:OJQHKD
19. Riedi R.H., Crouse M.S., Ribeiro V.J., Baraniuk R. A multifractal wavelet model with application to network traffic. IEEE Transactions on Information Theory. 1999;45(3):992‒1018. DOI:10.1109/18.761337
20. Taqqu M.S., Teverovsky V., Willinger W. Is Network Traffic Self-Similar or Multifractal? Fractals. 1997;5:63‒73. DOI:10.1142/S0218348X97000073
21. Sheluhin O.I., Garmashev A.B., Aderemi A.A. Detection of teletraffic anomalies using multifractal analysis. International Journal of Advancements in Computing Technology. 2011;3(4):174‒182. DOI:10.4156/ijact.vol3.issue4.19. EDN:PDYTSP
22. Sheluhin O.I. Multifractals: Infocommunication Applications. Moscow: Goryachaya liniya –Telekom Publ.; 2011. 576 p. EDN:QMUYXJ
23. Mirsky Y., Doitshman T., Elovici Y., Shabtai A. Kitsune: an Ensemble of Autoencoders for Online Network Intrusion Detection. arXiv:1802.09089v2. 2018. DOI:10.48550/arXiv.1802.09089
24. Miyamoto K., Goto H., Ishibashi R., Han C., Ban T., Takahashi T., et al. Malicious Packet Classification Based on Neural Network Using Kitsune Features. Proceedings of the 2nd International Conference on Intelligent Systems and Pattern Recogni-tion, ISPR 2022, 24–26 March 2022, Hammamet, Tunisia. Communications in Computer and Information Science, vol.1589. Cham: Springer; 2022. p.306‒314. DOI:10.1007/978-3-031-08277-1_25
25. Sheluhin O., Rybakov S. IoT Traffic Fractal Dimension Statistical Characteristics on the Kitsune Dataset Example. Pro-ceedings of Telecommunication Universities. 2023;9(5):112‒119. (in Russ.) DOI:10.31854/1813-324X-2023-9-5-112-119. EDN:YMSJRF
26. Sheluhin O.I., Rybakov S.Yu., Rakovsky D.I. Classification of computer attacks using multifractal spectrum of fractal dimension. Voprosy kiberbezopasnosti. 2024;2(60):107‒119. (in Russ.) DOI:10.21681/2311-3456-2024-2-107-119. EDN:GKOSBB
Review
For citations:
Sheluhin O.I., Rybakov S.Y., Vanyushina A.V. Estimation of the Multifractal Spectrum Characteristics of Fractal Dimension of Network Traffic and Computer Attacks in IoT. Proceedings of Telecommunication Universities. 2024;10(3):104-115. (In Russ.) https://doi.org/10.31854/1813-324X-2024-10-3-104-115. EDN: KIRCNK