Prediction of dynamics of suspicious network activity based on network traffic analysis

A. D. Kozhukhivsʹkyy
DOI: https://doi.org/10.31673/2412-9070.2021.062630
2022-01-01
Connectivity
Abstract: The article considers the possibility of early prediction of cyberattacks based on the analysis of suspicious activity in the network, which gives information protection services additional opportunities to counter such attacks. A feature of a slow DDoS attack is the use of a vulnerability in the TCP protocol, where interruptions can be caused intentionally or unintentionally as a result of delays in the communication channel. It is well known that detecting slow DDoS attacks differs significantly from detecting volume-based attacks, because slow attacks do not increase network traffic. The general problem is to detect the start time of such an attack, since traffic parameters do not change dramatically. An assumption is made about the dependence of the slow attack on the user's behavior. Using machine learning methods based on the analysis of similar situations in the past, it is possible to create an integrated system that transforms large volumes of publicly available data to predict the behavior of attackers in the network. A method of detecting such attacks based on the study and prediction of suspicious user activity is proposed. The applicability of this method has been demonstrated by modeling RUDY attacks on HTTP services. The forecasting accuracy is characterized as a function of the accumulated traffic and attack statistics. It is concluded that this method can be used to detect different types of slow DDoS attacks. Predicting suspicious traffic solves the problem of detecting slow DDoS attacks by means of an algorithm for finding unknown future values of a time series of traffic parameters. The proposed method combines the advantages of artificial intelligence and statistical analysis and is capable of self-learning as attack statistics are replenished.
This approach makes it possible to determine the random process accurately at the control points and to ensure a minimum of the mean square error of approximation in the intervals between these points.
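As an added illustration of the time-series forecasting idea in the abstract (example code written for this page, not the paper's method, data or model; the traffic parameter, window length and tolerance band are assumptions):

```python
"""Added example: flag slow-DDoS drift in a traffic parameter by one-step-ahead forecasting.

Assumed traffic parameter (one sample per minute): the number of HTTP POST
connections whose request body has been arriving for longer than 30 s.
RUDY-style slow POST traffic inflates this count without raising the
bytes-per-second volume, so a volume threshold would not see it.
"""
import statistics

# Constructed samples (not measured data): 12 minutes of normal service,
# then a slow, growing backlog of half-finished POST bodies.
NORMAL = [4, 5, 4, 5, 4, 5, 4, 5, 4, 5, 4, 5]
RAMP = [7, 9, 12, 16, 21, 27, 34]
SAMPLE_SERIES = NORMAL + RAMP


def least_squares_fit(window):
    """Fit y = a + b*t (t = 0..n-1) by least squares; return (a, b)."""
    n = len(window)
    t_mean = (n - 1) / 2
    y_mean = sum(window) / n
    sxx = sum((t - t_mean) ** 2 for t in range(n))
    sxy = sum((t - t_mean) * (y - y_mean) for t, y in enumerate(window))
    b = sxy / sxx if sxx else 0.0
    return y_mean - b * t_mean, b


def least_squares_forecast(window):
    """Predict the next value (t = n) of the series from the fitted line."""
    a, b = least_squares_fit(window)
    return a + b * len(window)


def first_alert(series, window=6, k=3.0, min_band=3.0):
    """Index of the first sample exceeding its forecast plus a tolerance band,
    or None. The band is k times the in-window residual spread, floored at
    min_band so that a nearly flat window cannot alert on one-count noise."""
    for i in range(window, len(series)):
        past = series[i - window:i]
        a, b = least_squares_fit(past)
        residuals = [y - (a + b * t) for t, y in enumerate(past)]
        band = max(k * statistics.pstdev(residuals), min_band)
        if series[i] > least_squares_forecast(past) + band:
            return i
    return None


if __name__ == "__main__":
    idx = first_alert(SAMPLE_SERIES)
    print("first alert at minute", idx, "observed value", SAMPLE_SERIES[idx])
```

The alert fires a few minutes into the ramp, after the backlog has outgrown what the recent trend predicts, while the flat prefix produces no alert.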