In this work we present and study an adaptive heuristic (behavioral) method for detecting traffic anomalies in high-speed multi-service communication networks that operates in real time. The study is relevant because many information and network security management processes, as well as processes for managing the risk that threats are realized, in high-speed multi-service communication networks need to be implemented in close to real time.
The approach proposed in this work is based on V. S. Pugachev's concept of conditional nonlinear Pareto-optimal filtering. Its main idea is that a traffic parameter is estimated in two stages: at the first stage, a forecast of the parameter values is made; at the second stage, as subsequent observations of the parameters are obtained, the values are corrected. In the proposed method and algorithm, traffic parameter values are predicted in a small sliding window, and adaptation is implemented with pseudogradient procedures whose parameters are adjusted by the Takagi-Sugeno fuzzy inference method. A feature of the developed procedures for estimating the characteristics of high-speed traffic in multi-service communication networks is that they take into account the dynamics of changes in network traffic parameters. The proposed method and algorithm belong to the class of adaptive methods and algorithms with pre-learning. The average relative error of the traffic parameter estimates does not exceed 10%, which is sufficient for operational network control tasks.
The procedure for detecting abnormal traffic behavior in an operating high-speed multi-service communication network is implemented with the Mamdani fuzzy inference method, in which the intervals of traffic parameter states are determined from the security policy adopted in the network. A study of the proposed method for detecting abnormal network traffic behavior showed its high efficiency.
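
The following Python sketch is an added illustration of the pipeline described above (forecast in a sliding window, correction on observation, Takagi-Sugeno tuning of the adaptation step, Mamdani scoring against policy intervals); it is not the authors' algorithm. The normalized-LMS update (standing in for the pseudogradient procedure), the membership functions, the rule constants, the policy bounds and the sample series are all assumptions chosen for the example.

```python
def ramp(x, a, b):
    """Shoulder membership: 0 below a, 1 above b, linear in between."""
    return min(1.0, max(0.0, (x - a) / (b - a)))

def tri(x, a, b, c):
    """Triangular membership with feet a, c and peak b."""
    return max(0.0, min((x - a) / (b - a), (c - x) / (c - b)))

def ts_step(rel_err):
    """Zero-order Takagi-Sugeno inference with two rules (constants assumed):
    IF error is SMALL THEN mu = 0.05; IF error is LARGE THEN mu = 0.5."""
    large = ramp(rel_err, 0.0, 0.2)
    return (1.0 - large) * 0.05 + large * 0.5

def estimate(series, p=4):
    """Forecast each sample from the previous p, then correct on observation."""
    w, out = [1.0 / p] * p, []
    for t in range(p, len(series)):
        u = series[t - p:t]                                # sliding window
        pred = sum(wi * ui for wi, ui in zip(w, u))        # stage 1: forecast
        err = series[t] - pred                             # stage 2: observe
        mu = ts_step(abs(err) / max(abs(series[t]), 1e-9))
        norm = max(sum(ui * ui for ui in u), 1e-9)
        # Normalized-LMS update, used here as one pseudogradient procedure.
        w = [wi + mu * err * ui / norm for wi, ui in zip(w, u)]
        out.append(pred + mu * err)                        # corrected estimate
    return out

def mamdani_alarm(rate, policy):
    """Mamdani inference: min implication, max aggregation, centroid output."""
    lo, hi = policy                 # state interval taken from security policy
    mid = (lo + hi) / 2.0
    fire = [(1.0 - ramp(rate, lo, mid), (-0.5, 0.0, 0.5)),   # NORMAL -> low
            (tri(rate, lo, mid, hi),    (0.0, 0.5, 1.0)),    # SUSPICIOUS -> medium
            (ramp(rate, mid, hi),       (0.5, 1.0, 1.5))]    # ANOMALOUS -> high
    num = den = 0.0
    for i in range(101):            # sample the alarm axis [0, 1]
        a = i / 100.0
        m = max(min(f, tri(a, *abc)) for f, abc in fire)
        num, den = num + a * m, den + m
    return num / den

# Constructed sample: packets per second, steady load followed by a burst.
SERIES = [1000.0] * 8 + [5000.0] * 6
POLICY = (2000.0, 4000.0)           # assumed policy bounds, not from the paper

if __name__ == "__main__":
    for est in estimate(SERIES):
        print(f"estimate={est:8.1f}  alarm={mamdani_alarm(est, POLICY):.2f}")
```

On the constructed series the alarm level stays low during steady load, passes through the middle of the scale on the first burst sample, and reaches the high region once the corrected estimate exceeds the upper policy bound.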