CENTRALIZED DISTRIBUTED ATTACK DETECTION SYSTEM IN CORPORATE COMPUTER NETWORKS BASED ON MULTIFRACTAL ANALYSIS
DOI:
https://doi.org/10.31891/2219-9365-2021-67-1-7
Keywords:
Distributed System, Attack Detection, Multifractal Analysis, Computer Network
Abstract
The paper proposes the architecture and components of a distributed network attack detection system that combines the requirements of centralization, distribution and self-organization, and on this basis develops a centralized distributed network attack detection system for corporate computer networks based on multifractal analysis. Experimental studies with the centralized distributed system for detecting network attacks in computer networks have confirmed that it functions effectively in a computer network.
The proposed centralized system is based on the use of multifractals. Multifractals are complex fractals that occur, as a rule, in nature. The multifractal approach means that an object under study can be divided into parts, each with its own self-similarity characteristics that differ from those of the other parts. Network traffic is self-similar over some intervals. Therefore, the wavelet transform modulus maxima method is used for its analysis, which makes it possible to determine the features of the signal.
To conduct experimental research, a distributed system was implemented and software was deployed to detect attacks on local computer networks. The study found that the total data processing time is about 8 seconds for almost 4.9 million lines of data; as a text document, this data occupies more than 700 megabytes. This indicates the high speed of the algorithm and efficient use of system resources.