Proceedings of Telecommunication Universities

Detection of Traffic Anomalies Based on Their Frame Wavelet Transformations Processing

https://doi.org/10.31854/1813-324X-2024-10-5-14-23

EDN: BJFZSE

Abstract

Relevance. The active transition to a massive digital infrastructure based on Internet of Things (IoT) technology has brought telecommunications networks to the level of dominant information resources. The one-time increase in the number of existing Internet services is inextricably linked to the growing variety of network anomalies on telecommunications equipment. In turn, existing methods of detecting network threats do not allow timely assessment of network traffic, which is characterized by a large number of parameters, and the detected anomalies from external interference do not have pronounced patterns.

The purpose of the study is to increase the efficiency of detecting traffic anomalies based on the results of processing its frame wavelet transform. The scientific task is to develop scientific and methodological approaches that allow effective analysis and timely detection of anomalies in network traffic. A comparative review is presented of search methods for detecting network traffic anomalies, algorithms for detecting uncontrolled anomalies, and traffic analysis methods based on local emission factor, binary trees, and optical emission spectroscopy.

Decision. The results of the study of the possibility of detecting anomalies in the bitstream traffic based on the results of its multiple-variable transformation in the Haar wavelet basis are considered. The choice for further processing of the coefficients of the traffic decomposition matrix along the time shift variable is justified. It is proved that multiple-scale transformations not only increase the structural differences in traffic, but also open up the possibility of localization of anomalies that caused these differences.

The scientific novelty of the work is determined by the author's approach to detecting network traffic anomalies during the transition from the direct representation of a signal in the form of its discrete samples to coefficients formed from the matrices of its wavelet transformations, and, as a result, increasing its contrast with other signals with a similar structure.

Theoretical significance. The necessity and sufficiency of using wavelet coefficients instead of time samples of signals in the basis of the parent wavelet from the matrix of the generated frame is proved. The relationship between the Hurst indicators and the coefficients of the cross-correlation functions has been established.

Practical significance. The results obtained in the work can be used in the future in the construction of models for evaluating network traffic in conditions of deliberate, as well as methods for searching and synthesizing effective methods of protection against them.

About the Authors

I. M. Zhdanova
Military Academy of Communications
Russian Federation


S. S. Dvornikov
Military Academy of Communications; Saint Petersburg State University of Aerospace Instrumentation
Russian Federation


S. V. Dvornikov
Military Academy of Communications; Saint Petersburg State University of Aerospace Instrumentation
Russian Federation


For citations:


Zhdanova I.M., Dvornikov S.S., Dvornikov S.V. Detection of Traffic Anomalies Based on Their Frame Wavelet Transformations Processing. Proceedings of Telecommunication Universities. 2024;10(5):14-23. (In Russ.) https://doi.org/10.31854/1813-324X-2024-10-5-14-23. EDN: BJFZSE

This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 1813-324X (Print)
ISSN 2712-8830 (Online)