Automatic Control and Computer Sciences

, Volume 52, Issue 5, pp 421–430 | Cite as

Network Traffic Anomalies Detection Using a Fixing Method of Multifractal Dimension Jumps in a Real-Time Mode

  • O. I. SheluhinEmail author
  • I. Yu. LukinEmail author


This article considers the possibility of detecting traffic anomalies on the basis of multiscale, multifractal analysis by monitoring fractal-dimensional jumps in real time. The method is based on the current estimation of multifractal properties of traffic using a sliding window and multiscale wavelet analysis. The numerical results allow us to conclude that fixing the jumplike change in the fractal dimension for various components of the multifractal spectrum makes it possible to pinpoint the presence of an anomaly with significant accuracy. In practice, the estimation of these multifractality components in this spectrum can be achieved by constructing a multichannel algorithm, each channel of which is oriented with the corresponding component of the multifractal spectrum.


anomalies detection multifractal real-time analysis multiscale analysis wavelet decomposition sliding analysis window fractal dimension 


  1. 1.
    Luo, X., Chan, E.W.W., and Chang, R.K.C., Vanguard: A new detection scheme for a class of TCP targeted denial-of-service attacks, EURASIP J. Adv. Signal Process., 2009, vol. 2009.Google Scholar
  2. 2.
    Lu, L.F., Huang, M.L., Orgun, M.A., and Zhang, J.W., An improved wavelet analysis method for detecting DDoS attacks, 4th International Conference on Network and System Security, 2011, pp. 318–322.Google Scholar
  3. 3.
    Chandola, V., Banerjee, A., and Kumar, V., Anomaly detection for discrete sequences: A survey, IEEE Trans. Knowl. Data Eng., 2012, vol. 24, no. 5.Google Scholar
  4. 4.
    Mohiuddin, A., Abdun Naser, M., and Jiankun, H., A survey of network anomaly detection techniques, J. Network Comput. Appl., 2015, no. 60, p. 21.Google Scholar
  5. 5.
    Bhuyan, M.H., Bhattacharyya, D.K., and Kalita, J.K., Network anomaly detection: Methods, systems and tools, IEEE Commun. Surv. Tutorials, 2013, vol. 60, no. 1, pp. 303–336.Google Scholar
  6. 6.
    Abry, P. and Veitch, D., Wavelet analysis of long-range dependent traffic, IEEE Trans. Inf. Theory, 1998, vol. 44, no. 1, pp. 2–15.MathSciNetCrossRefzbMATHGoogle Scholar
  7. 7.
    Abry, P., Taqqu, M.S., Flandrin, P., and Veitch, D., Wavelets for the analysis, estimation, and synthesis of scaling data, in Self -Similar Network Traffic and Performance Evaluation, Park, K. and Willinger, W., Eds., John Wiley & Sons, 2000, pp. 39–88.Google Scholar
  8. 8.
    Zhengmin, X., Songnian, L., and Junhua, T., Note on studying change point of LRD traffic based on Li’s detection of DDoS flood attacking, Math. Probl. Eng., 2010, vol. 2010.Google Scholar
  9. 9.
    Gagandeep Kaur, Vikas Saxena, and Jay Prakash, Study of self-similarity for detection of rate-based network anomalies, Int. J. Secur. Its Appl., 2017, vol. 11, no. 8, pp. 27–44.Google Scholar
  10. 10.
    Sheng, Z., Qifei, P., Xuezeng, P., and Xuhui, Z., Detection of low-rate DDoS attack based on self similarity, 2010 Second International Workshop on Education Technology and Computer Science, 2010, vol. 1, pp. 333–336.Google Scholar
  11. 11.
    Kettani, H. and Gubner, J.A., A novel approach to the estimation of the Hurst parameter in self-similar traffic, Proceedings of the 27th Annual IEEE Conference on Local Computer Networks, Tampa, 2002, pp. 160–165.Google Scholar
  12. 12.
    Cheng, X., Xie, K., and Wang, D., Network traffic anomaly detection based on self-similarity using HHT and wavelet transform, Proceedings of the 5th International Conference on Information Assurance and Security, Xian, 2009, pp. 710–713. doi 10.1109/IAS.2009.21910.1109/IAS.2009.219Google Scholar
  13. 13.
    Wang, X. and Fang, B.X., An exploratory development on the Hurst parameter variety of network traffic abnormity signal, J. Harbin Inst. Technol., 2005, vol. 37, pp. 1046–1049.Google Scholar
  14. 14.
    Atayero, A.A. and Sheluhin, O.I., Integrated Model for Information Communication Systems and Networks. Design and Development, IGI Global, 2013.CrossRefGoogle Scholar
  15. 15.
    Sheluhin, O.I., Multifractals. Information Applications, Moscow: Hotline—Telecom, 2011.Google Scholar
  16. 16.
    Mallat, S., A Wavelet Tour of Signal Processing, Academic Press, 1998.zbMATHGoogle Scholar
  17. 17.
    An Introduction to R. Accessed July 6, 2018.Google Scholar

Copyright information

© Allerton Press, Inc. 2018

Authors and Affiliations

  1. 1.Moscow Technical University of Communications and InformaticsMoscowRussia

Personalised recommendations