Detection of sources of network attacks based on the data sampling

Sagatov, Evgeny S.; Sukhov, Andrei Mikhailovich; Azhmyakov, Vadim V.

doi:10.18500/1816-9791-2024-24-3-452-462

Известия Саратовского университета. Новая серия. Серия Математика. Механика. Информатика (Aug 2024)

Detection of sources of network attacks based on the data sampling

Sagatov, Evgeny S.,
Sukhov, Andrei Mikhailovich,
Azhmyakov, Vadim V.

Affiliations

Sagatov, Evgeny S.: Sevastopol State University, 33 Universitetskaya St., Sevastopol 299053, Russia
Sukhov, Andrei Mikhailovich: Sevastopol State University, 33 Universitetskaya St., Sevastopol 299053, Russia
Azhmyakov, Vadim V.: Sevastopol State University, 33 Universitetskaya St., Sevastopol 299053, Russia

DOI: https://doi.org/10.18500/1816-9791-2024-24-3-452-462
Journal volume & issue: Vol. 24, no. 3
pp. 452 – 462

Abstract

Read online

This article defines the rules for finding the threshold values for the main network variables used to detect network intrusions under conditions of limited data sampling. The sFlow technology operates with a limited sample of packets, and one packet out of 50 can be analyzed, but this value can reach 5000. The main conclusion is that the product of the threshold value and sample resolution remains a constant value. The article defines the size of the maximum resolution, at which an attack with a given threshold can be detected. Based on the experimental data, this hypothesis was tested; considering the experimental error, it was verified.

Published in Известия Саратовского университета. Новая серия. Серия Математика. Механика. Информатика

ISSN: 1816-9791 (Print); 2541-9005 (Online)
Publisher: Saratov State University
Country of publisher: Russian Federation
LCC subjects: Science: Mathematics
Website: https://mmi.sgu.ru/

About the journal

Abstract

Keywords