In the paper, an adaptive hybrid heuristic (behavioral) method for detecting small traffic anomalies in high-speed multiservice communication networks, which operates in real time, is proposed and investigated. The relevance of this study is determined by the fact that network security management processes in high-speed multiservice communication networks need to be implemented in a mode close to real-time mode, as well as identifying possible network security threats in the early stages of the implementation of possible network attacks. The proposed method and algorithm belong to the class of adaptive methods and algorithms with preliminary training. The average relative error in estimating the evaluated traffic parameters does not exceed 10%, which is sufficient for the implementation of operational network management tasks. Anomalies of the expectation of traffic intensity and its dispersion are identified if their valuesexceed the normal values by 15% or more, which makes it possible to detect possible network attacks in the early phases of their implementation, for example, at the stage of scanning ports and interfaces of the attacked system. The procedure for detecting anomalous traffic behavior is implemented based on the Mamdani’s method of hierarchical fuzzy logical inference. A study of the proposed method for detecting anomalous behavior of network traffic showed its high efficiency.
Adaptive method of detecting traffic anomalies in high-speed multi-service communication networks