×

You are using an outdated browser Internet Explorer. It does not support some functions of the site.

Recommend that you install one of the following browsers: Firefox, Opera or Chrome.

Contacts:

+7 961 270-60-01
ivdon3@bk.ru

Choosing the type of mother wavelet in fractal analysis in the problem of detecting computer attacks

Abstract

Choosing the type of mother wavelet in fractal analysis in the problem of detecting computer attacks

Rybakov S.Y.

Incoming article date: 21.08.2024

The study of statistical characteristics of network traffic allows us to detect its fractal features and estimate how the fractal dimension changes under cyber attacks (CA). These studies highlight the relationship between attacks and dynamic changes in the fractal dimension, which allows us to better understand how attacks affect the structure and behavior of network traffic. Such understanding is critical for developing effective methods for monitoring and protecting networks from potential threats. These observations justify the use of fractal analysis methods, including discrete wavelet analysis, for detecting CA. In particular, it is possible to monitor the fractal dimension of telecommunication traffic in real time with tracking its changes. However, the choice of the most appropriate mother wavelet for multiresolution analysis remains an insufficiently studied aspect. The article evaluates the influence of the choice of the mother wavelet type on the estimate of the Hurst exponent and the reliability of CA detection. The following types of mother wavelets are considered: Haar, Daubechies, Simlet, Meyer and Coiflet. The study included an experimental evaluation of the Hurst exponent on a data set that includes a SYN flood attack and normal network traffic. It was shown that the minimum spread of the Hurst exponent estimate for traffic with SYN flood attacks is achieved when using the Meyer mother wavelet with an analysis window of more than 10,000 samples and the Haar wavelets with an analysis window of less than 10,000 samples.

Keywords: mother wavelet, computer attack, network traffic, Hurst exponent, wavelet analysis, fractal dimension