Identification of DoS attacks by analysis of some statistical characteristics of traffic
Authors: Pozdnyak I.S., Plavan A.I.
Journal: Инфокоммуникационные технологии @ikt-psuti
Section: Electromagnetic compatibility and equipment safety
Article in issue: No. 1, vol. 19, 2021.
Free access
The number of attacks carried out every day around the world is constantly increasing. Moreover, cybercriminals use new, previously unknown methods alongside old methods and tools, and the attacks are becoming harder and harder to spot. This article discusses the problem of identifying an anomalous component in traffic caused by the activities of intruders or by network failures. To this end, a denial-of-service attack is simulated and the corresponding traffic is captured for further analysis. The statistical characteristics of traffic corresponding to the normal state of the system and to the state of an active attack are compared. Based on the results of the analysis, it is concluded that certain parameters of network traffic exhibit statistical dependencies that make it possible to detect an anomalous component.
Keywords: traffic analysis, DoS attack, Intrusion Detection Systems, statistical characteristics, correlation coefficients, information security
Short URL: https://sciup.org/140256290
IDR: 140256290 | DOI: 10.18469/ikt.2021.19.1.10