Key words
DDoS-attacks, SYN-flood, forecasting, web-resources, information protection.
articles
Authors:
Barmina S., Tadzhibaeva F., Tumbinskaya M. V. Published in
№ 4(76)
31 august 2018 year
Rubric: Data protection
Rubric: Data protection
Correlation analysis and forecasting of SYN-flood attacks
DDoS-attacks are included in the top-10 network attacks and lead to serious failures in the work of
web-resources. In the paper DDoS-attacks, their classification and methods of protection are considered.
Particular attention is paid to the most common type of DDoS-attacks ‒ SYN-flood attacks, correlation
analysis of their time series and forecasting. In the paper, the correlation analysis of the time series of SYNflood
attacks is implemented, the coefficient of data autocorrelation and seasonal indices are determined.
The forecasting of SYN-flood attacks for the coming quarters of 2018 and 2019 was carried out using
simple exponential smoothing. During the investigation, it was revealed that protection against DDoSattacks
should be implemented taking into account the mechanism of DDoS-attack. Depending on it, you
should use hardware, software or mixed protection. Investigation of SYN-flood attacks showed that this
type of attacks is the most dangerous: acting at the network level and clogging the network channel with
parasitic traffic, SYN-flood attack destroys the end equipment. The correlation analysis of the time series
of SYN-flood attacks showed that they are seasonally characterized: the greatest number of attacks is expected
in the first and third quarters of 2018 and 2019. For DDoS-attacks lasting up to 4 hours, seasonality
in the first quarter of the calendar year was also revealed, which means that in the first quarter of 2019
the greatest number of attacks of a given duration should be expected. The relation between SYN-flood
attacks and attacks of up to 4 hours is moderately strong, not critical, can be traced when the delay is 3
lag time (in our case, 3 quarters). According to the forecast made using the simple exponential smoothing
method, 57.1% of DDoS attacks of the SYN type are expected in the second quarter of 2018, in the
III and IV quarters of 2018 their number will be respectively 55.35% and 57.12%. In the first quarter of
2019, 58.73% of SYN-flood attacks are expected, in the II quarter of 2019 ‒ 57.08%.
The author:
Barmina S.
Degree:
student, Kazan national technical research university named after A. N. Tupolev — KAI
Location:
Kazan
The author:
Tadzhibaeva F.
Degree:
student, Kazan national technical research university named after A. N. Tupolev — KAI
Location:
Kazan
The author:
Tumbinskaya M. V.
Degree:
Cand. Sci. (Tech.), Assоciate Prоfessоr, Department оf Infоrmatiоn Prоtectiоn Systems, Kazan Natiоnal Research Technical University named after A. N. Tupоlev
Location:
Kazan
All articles:
Secure information system model of Internet banking
Protection of information in social networks from the social engineer attacks of the attacker
Correlation analysis and forecasting of SYN-flood attacks
Classification of DDoS-attacks based on the neural network model
Use of statistical methods for analysis and forecast of udp-flood attacks
Software for detecting “hidden miners” in a browser environment
