IMPLEMENTATION OF PROTECTION OF SERVERS WITH ABNORMAL ACCOUNTS IN THE PACKAGE SYSTEM
DOI:
https://doi.org/10.18372/2410-7840.26.20018
Keywords:
anomalies in packets, DDoS attacks, machine learning, traffic analysis, server protection
Abstract
Server protection is a very important aspect of information security as cyber threats grow, especially as network traffic and attack complexity increase. One effective approach is to use a protection system that takes network packet anomalies into account. Detecting and processing such anomalies makes it possible to quickly identify and neutralize threats, among which DDoS attacks occupy a special place. This article describes how to analyze network traffic in real time using statistical methods and machine learning algorithms and how to classify network packets according to their behavioral characteristics [1]. The system implements a multi-layered approach to server protection comprising three main stages: initial data filtering, statistical analysis, and the use of machine learning models. In the first stage, malicious packets are excluded based on simple criteria, such as forbidden IP addresses and incorrect packet formats [2]. In the second stage, statistical analysis is used to detect deviations in the traffic distribution, for example a sharp increase in the number of requests or a change in packet size [3]. The third stage uses classifiers trained on historical data to identify anomalies in network operation. The set of models presented allows the system to adapt to new types of attacks through automatic updating [4]. The advantages of the presented system are as follows. First, it detects both traditional DDoS attacks (port scans, exploits of network protocol vulnerabilities, and SQL injection attempts) and other types of threats. Second, integration with existing monitoring tools and firewalls [5] makes it easy to implement without significant cost increases. The system is characterized by high attack detection accuracy and a low false positive rate. It provides efficient real-time server protection to ensure business continuity and prevent financial and reputational loss.
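A sketch of the first two stages described in the abstract (initial filtering, then statistical deviation detection), added here as an illustration and not taken from the article. The packet field names, the blocklist, the one-second window, the z-score threshold and the sample traffic are assumptions; the third (classifier) stage is omitted.

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # constructed blocklist

def stage1_accept(pkt):
    """Stage 1: reject forbidden sources and records with an invalid format."""
    try:
        src = ipaddress.ip_address(pkt["src"])
        float(pkt["ts"])
        size = pkt["size"]
    except (KeyError, ValueError, TypeError):
        return False                       # missing field or unparsable value
    if any(src in net for net in BLOCKED_NETS):
        return False
    return isinstance(size, int) and 20 <= size <= 65535  # plausible IPv4 length

def deviating_windows(series, warmup=5, z_threshold=3.0, min_sigma=1.0):
    """Stage 2: indices whose value deviates sharply from recent normal windows."""
    baseline, flagged = list(series[:warmup]), []
    for i in range(warmup, len(series)):
        mu, sigma = mean(baseline), pstdev(baseline)
        if abs(series[i] - mu) / max(sigma, min_sigma) > z_threshold:
            flagged.append(i)              # anomalous windows never enter the baseline
        else:
            baseline = baseline[1:] + [series[i]]
    return flagged

def analyse(packets, window=1.0):
    """Bucket accepted packets per window; check request rate and mean packet size."""
    buckets = defaultdict(list)
    for pkt in filter(stage1_accept, packets):
        buckets[int(pkt["ts"] // window)].append(pkt["size"])
    n = max(buckets) + 1 if buckets else 0
    counts = [len(buckets[w]) for w in range(n)]
    sizes = [mean(buckets[w]) if buckets[w] else 0.0 for w in range(n)]
    return {"rate": deviating_windows(counts), "size": deviating_windows(sizes)}

def sample_packets():
    """Constructed traffic: 8 one-second windows, flood of small packets in window 6."""
    pkts = []
    for w in range(8):
        n = 200 if w == 6 else 10 + (w % 3)
        size = 60 if w == 6 else 500 + 10 * (w % 2)
        pkts += [{"ts": w + k / n, "src": f"198.51.100.{k % 50 + 1}", "size": size}
                 for k in range(n)]
    pkts.append({"ts": 2.5, "src": "203.0.113.7", "size": 500})  # blocked source
    pkts.append({"ts": 3.5, "src": "not-an-ip", "size": 500})    # malformed address
    pkts.append({"ts": 4.5, "src": "198.51.100.9", "size": 4})   # impossible length
    return pkts

if __name__ == "__main__":
    print(analyse(sample_packets()))
```

Keeping flagged windows out of the baseline prevents a sustained flood from becoming the new normal and masking itself.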
References
Yu S., Lu X., Zhu Y. Traffic Classification Techniques in Network Security. – Springer, 2022.
Behal S., Kumar K. Detection of DDoS Attacks Using Machine Learning Algorithms. // International Journal of Computer Applications, 2020.
Akbanov M., Koucheryavy A. Adaptive Anomaly Detection for Cybersecurity. – Wiley, 2021.
Jain R., Agrawal R. Network Intrusion Detection Systems: A Machine Learning Perspective. // Computers & Security, 2019.
Wang P., Gu G. Real-Time Traffic Anomaly Detection Using Hybrid Approaches. // Journal of Network Security, 2020.
Using the Latest Methods of Cluster Analysis to Identify Similar Profiles in Leading Social Networks. / Bohdan Zhurakovskyi, Ihor Averichev and Ivan Shakhmatov // Information Technology and Implementation (Satellite) Conference Proceedings, 21 November, 2023. – С.116-126.
Doriguzzi-Corin R., Millar S., Scott-Hayward S. Dataset-Driven DDoS Attack Detection Using Neural Networks // IEEE Transactions on Network and Service Management, 2021.
Zargar S. T., Joshi J., Tipper D. A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks // IEEE Communications Surveys & Tutorials, 2020.
Miao Y., Gong Z., Zhou W. Machine Learning-Based DDoS Detection and Mitigation in SDN Environments. – Elsevier, 2022.
Radovanović M., Filipović N. Deep Learning Techniques for Anomaly Detection in Network Traffic. // IEEE Access, 2021.
Abawajy J., Hassan M. RNN-Based Approaches for Early DDoS Detection. – Elsevier, 2022.
Kaur J., Kumar V. Unsupervised Anomaly Detection Using Clustering Techniques // Journal of Network Security, 2021.
Sharma S., Gupta P. Frequency-Based Filtering Methods for DDoS Attack Prevention. // International Journal of Computer Applications, 2020.
Liu H., Zhang Y. Hybrid Filtering Techniques for Anomaly Detection in High-Volume Traffic // Computers & Security, 2022.
Park K., Kim S. Integrated Multi-Layer Network Defense Against DDoS. – Springer, 2021.
Zhu Y., Chen L. Adaptive Filtering and Anomaly Detection in Real-Time Systems // IEEE Transactions on Information Forensics and Security, 2023.
Стефурак О.Р., Тихонов Ю.О., Лаптєв О.А., Зозуля С.А. Удосконалення стохастичної моделі з метою визначення загроз пошкодження або несанкціонованого витоку інформації // Сучасний захист інформації, 2020. – № 2(42). – С.19-26.
Пепа Ю.В., Хорошко В.О., Хохлачова Ю.Є., Аль-Далваш А. Методика аналізу та оцінки захищеності систем захисту інформації з урахуванням ступеня перекриття загроз // Сучасний захист інформації, 2024. – № 1(57). – С.69-76.
Опанасенко М.І., Поночовний П.М. Технологія забезпечення кібербезпеки хмарного середовища на базі рішення Cisco Cloudlock // Сучасний захист інформації, 2023. – № 1(53). – С.72-78.
Хорошко В.О., Лаптєв О.А., Хохлачева Ю.Є., Аль-далваш Аблуллах Фоуад, Пепа Ю.В. Особливості проектування захищених інформаційних мереж. Наукоємні технології. 2024. Том 62. № 2. С.154-163. https://doi.org/10.18372/2310-5461.62.18709
Дробик О. В., Лаптєв О. А., Пархоменко І. І., Богуславська О. В., Пепа Ю. В., Пономаренко В. В. Розпізнавання радіосигналів на основі апроксимації спектральної функції у базисі передатних функцій резонансних ланок другого порядку. Сучасний захист інформації. 2024. №2. С.13-23. https://doi.org/10.31673/2409-7292.2024.020002

License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).