Statistical Techniques for Detecting Cyberattacks on Computer Networks Based on an Analysis of Abnormal Traffic Behavior

Full Text (PDF, 591KB), PP.1-13

Views: 0 Downloads: 0


Zhengbing Hu 1,* Roman Odarchenko 1,2 Sergiy Gnatyuk 1,2 Maksym Zaliskyi 1 Anastasia Chaplits 1 Sergiy Bondar 3 Vadim Borovik 3

1. National Aviation University, Kyiv, Ukraine

2. Yessenov University, Aktau, Kazahstan

3. International Research and Training Center for Information Technologies and Systems, Kyiv, Ukraine

* Corresponding author.


Received: 30 Jun. 2020 / Revised: 28 Jul. 2020 / Accepted: 9 Sep. 2020 / Published: 8 Dec. 2020

Index Terms

Anomaly Detection, Cyberattacks, Information Security, Data Analysis, Technology Architecture, Abnormal Traffic Behavior, Vulnerability, Security, Threat Model.


Represented paper is currently topical, because of year on year increasing quantity and diversity of attacks on computer networks that causes significant losses for companies. This work provides abilities of such problems solving as: existing methods of location of anomalies and current hazards at networks, statistical methods consideration, as effective methods of anomaly detection and experimental discovery of choosed method effectiveness. The method of network traffic capture and analysis during the network segment passive monitoring is considered in this work. Also, the processing way of numerous network traffic indexes for further network information safety level evaluation is proposed. Represented methods and concepts usage allows increasing of network segment reliability at the expense of operative network anomalies capturing, that could testify about possible hazards and such information is very useful for the network administrator. To get a proof of the method effectiveness, several network attacks, whose data is storing in specialised DARPA dataset, were chosen. Relevant parameters for every attack type were calculated. In such a way, start and termination time of the attack could be obtained by this method with insignificant error for some methods.

Cite This Paper

Zhengbing Hu, Roman Odarchenko, Sergiy Gnatyuk, Maksym Zaliskyi, Anastasia Chaplits, Sergiy Bondar, Vadim Borovik, "Statistical Techniques for Detecting Cyberattacks on Computer Networks Based on an Analysis of Abnormal Traffic Behavior", International Journal of Computer Network and Information Security(IJCNIS), Vol.12, No.6, pp.1-13, 2020. DOI: 10.5815/ijcnis.2020.06.01


[1] Ranjan R., Sahoo G. A new clustering approach for anomaly intrusion detection, International Journal of Data Mining & Knowledge Management Process (IJDKP). 2014. vol. 4. No. 2. pp. 29–38.

[2] Barbara D., Wu N., Jajodia S. Detecting Novel Network Intrusions Using Bayes Estimators, Proceedings of the First SIAM International Conference on Data Mining. 2001. pp. 30–49.

[3] Mazurek M., Dymora P. Network anomaly detection based on the statistical selfsimilarity factor for HTTP protocol, Przeglad elektrotechniczny, 2014, pp. 127–130.

[4] Gu Y., McCallum A., Towsley D. Detecting Anomalies in Network Traffic Using Maximum Entropy Estimation, Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement. 2005. pp. 32–32.

[5] Barford P., Kline J., Plonka D., Ron A. A signal analysis of network traffic anomalies, Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurement, 2002. pp. 71–82.

[6] J. Olivain and J. Goubault-Larrecq. Detecting subverted cryptographic protocols by entropy checking. Research Report LSV-06-13, Laboratoire Specification et Verifi-cation, ENS Cachan, France, June 2006.

[7] D. E. Taylor, “Survey and taxonomy of packet classification techniques,” ACM Comput. Surv, vol. 37, No. 3, pp. 238–275, 2005.

[8] Colin J. Bennett, Andrew Clement, Kate Milberry. Introduction to CyberSurveillance. Cyber-Surveillance in Everyday Life,vol. 9, No. 4 (2012)

[9] Callado A., Kamienski C., Szabo G., Gero B., Kelner J., Fernandes S., Sadok D. A Survey on Internet Traffic Identification; Communications Surveys & Tutorials, IEEE Volume 11, Issue 3, 3rd Q 2009, pp. 37-52.

[10] S.-H. Han, M.-S. Kim, H.-T. Ju and J.W. Hong, “The Architecture of NGMON: a Passive Network Monitoring System for High-Speed IP Networks”, Accepted to appear in the Proc. of the 13th IFIP/IEEE International Workshop on Distributed Systems: Operations & Management (DSOM 2002), Montreal, Canada, October 21-23, 2002.

[11] Duffield, N.; Lund, C.; Thorup, M., “Learn more, sample less: control of volume and variance in network measurement”, IEEE Transactions in Information Theory, vol. 51, No. 5, pp. 1756-1775, 2005.

[12] W. Wu et al., “Sliding Window Optimized Information Entropy Analysis Method for Intrusion Detection on In-Vehicle Networks,” in IEEE Access, vol. 6, pp. 45233-45245, 2018.

[13] N. Gupta Gourisetti, M. Mylrea and H. Patangia, “Application of Rank-Weight Methods to Blockchain Cybersecurity Vulnerability Assessment Framework,” 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA, 2019, pp. 0206-0213.

[14] W. Zhang, Q. Yang and Y. Geng, “A Survey of Anomaly Detection Methods in Networks,” 2009 International Symposium on Computer Network and Multimedia Technology, Wuhan, 2009, pp. 1-3.

[15] T. Salman, D. Bhamare, A. Erbad, R. Jain and M. Samaka, “Machine Learning for Anomaly Detection and Categorization in Multi-Cloud Environments,” 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud), New York, NY, 2017, pp. 97-103.

[16] C. Callegari, S. Giordano and M. Pagano, “Anomaly detection: An overview of selected methods,” 2017 International Multi-Conference on Engineering, Computer and Information Sciences (SIBIRCON), Novosibirsk, 2017, pp. 52-57.

[17] M. Zaliskyi, R. Odarchenko, S. Gnatyuk, Yu. Petrova and A. Chaplits, Method of traffic monitoring for DDoS attacks detection in e-health systems and networks, CEUR Workshop Proceedings, vol. 2255, pp. 193-204, 2018.

[18] Q. Zhang, C. Rendon, V. M. D. Oca, P. D. R. Jeske and D. M. Marvasti, “A Nonparametric Cusum Algorithm for Timeslot Sequences with Applications to Network Surveillance,” 10th IEEE High Assurance Systems Engine-ering Symposium (HASE'07), Plano, TX, 2007, pp. 435-436.

[19] Kruegel C., Toth T. Using Decision Trees to Improve Signature-Based Intrusion Detection, Recent Advances in Intrusion Detection, 2003, pp. 173–191.

[20] Shelukhin O.I., Garmashev A.V. Detection of anomalous emissions of telecommunication traffic using discrete wavelet analysis, Electromagnetic waves and electronic systems, 2012, No. 2. pp. 15–26.

[21] Wang H., Zhang D., Shin K.G. Detecting SYN flooding attacks, Proceedings of IEEE INFOCOM’2002, New York City, NY, 2002, pp. 1530–1539.

[22] Peng T., Leckie C., Ramamohanarao K. Detecting distributed denial of service attacks using source IP address monitoring, Proceedings of the Third International IFIP-TC6 Networking Conference (Networking 2004), pp. 771–782.

[23] Sheluhin O.I., Atayero A.A. Integrated Model for Information Communication Systems and Metworks, Design and Development. IGI Global, USA, 2012. 462 p.

[24] Z. Hassan, R. Odarchenko, S. Gnatyuk et al, Detection of Distributed Denial of Service Attacks Using Snort Rules in Cloud Computing & Remote Control Systems, Proceedings of IEEE 5th Intern. Conf. on Methods and Systems of Navigation and Motion Control, October 16-18, 2018. Kyiv, Ukraine, pp. 283-288.

[25] O. Al-Jarrah and A. Arafat, “Network Intrusion Detection System using attack behavior classification,” 2014 5th International Conference on Information and Communi-cation Systems (ICICS), Irbid, 2014, pp. 1-6.

[26] Q. Zhou, W. Hu and W. Zhu, “Detection of Mailbomb Attacks Base on Time Interval Temporal Logic,” 2015 International Conference on Computational Intelligence and Communication Networks (CICN), Jabalpur, 2015, pp. 1078-1080.

[27] R. Odarchenko, S. Gnatyuk, T. Zhmurko et al, “Improved Method of Routing in UAV Network”, Proceedings of the 2015 IEEE 3rd Intern. Conf. on Actual Problems of Unmanned Aerial Vehicles Developments (APUAVD), Kyiv, Ukraine, October 13-15, Vol. 1, 2015, рр. 294-297.

[28] Jung, J., Krishnamurthy, B., Rabinovich, M.: Flash Crowds and Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites. In: Proc. Int’l World Wide Web Conference, ACM Press, New York, 2002, pp. 252–262.

[29] Cyber systems and technology. DARPA Intrusion Detection Data Sets, Available Online, URL:

[30] V. Mosorov, A. Kosowski, R. Kolodiy, Z. Kharkhalis, “Data Traffic Modeling During Global Cyberattacks”, International Journal of Computer Networks and Information Security, vol.7, no.11, pp.20-36, 2015.

[31] I. Parkhomey, S. Gnatyuk, R. Odarchenko, T. Zhmurko et al, “Method For UAV Trajectory Parameters Estimation Using Additional Radar Data”, Proceedings of the 2016 4th International Conference on Methods and Systems of Navigation and Motion Control, Kyiv, Ukraine, October 18-20, 2016, рр. 39-42.

[32] F. Adeyinka, E. S. Oluyemi, A. N. Victor, U. C. Uchenna, O. Ogedengbe, S. Ale, “Parametric Equation for Capturing Dynamics of Cyber Attack Malware Transmission with Mitigation on Computer Network”, International Journal of Mathematical Sciences and Computing, Vol.3, No.4, pp.37-51, 2017.

[33] Y. Ghaderipour, H. Dinari. “A Flow-Based Technique to Detect Network Intrusions Using Support Vector Regression (SVR) over Some Distinguished Graph Features”, International Journal of Mathematical Sciences and Computing, Vol.6, No.4, pp.1-11, 2020.