Abstract: An anomaly detection system is described for detecting an anomalous event associated with source data. The anomaly detection system comprises a data grouping creator arranged to produce a plurality of data groupings of data elements from a data group of data elements. The data group is obtained from the source data, the data groupings including data elements from the data group and less data elements than the data group, and the source data conforming substantially to a natural power law when an anomalous event is not present. The system also includes a power law goodness of fit tester arranged, for each of at least some of the data group and data groupings, to compare a power law profile obtained from the data group or data grouping with a reference power law profile, and produce a goodness of fit value indicative of a similarity between the power law profile obtained from the data group or data grouping and the reference power law profile.
Abstract: A method of detecting and mitigating a denial of service attack is described. The method comprises monitoring incoming first traffic packets, building a first Benford distribution of the first traffic packets, the first Benford distribution corresponding to network behaviour associated with normal traffic, and detecting a denial of service attack associated with incoming second traffic packets. After detecting the denial of service attack, the method involves sorting the incoming second traffic packets according to a characteristic of the incoming second traffic packets to create a Zipf distribution, building a second Benford distribution of the second traffic packets using the Zipf distribution and the first Benford distribution, discarding incoming second traffic packets that are not consistent with the second Benford distribution, and allowing incoming second traffic packets that are consistent with the second Benford distribution.
Type:
Grant
Filed:
September 21, 2021
Date of Patent:
April 11, 2023
Assignee:
HYPRFIRE PTY LTD
Inventors:
Mihai Mugurel Lazarescu, Sie Teng Soh, Subhash Kak, Stefan Prandl
Abstract: A method and system for detecting and mitigating a denial of service attack against a destination server (12) and/or connected devices (14). Incoming traffic packets (26) are monitored and a first distribution of the incoming traffic packets (26) is built in accordance with Benford's Law for normal traffic behaviour. A denial of service attack is detected when it occurs. Once an attack is detected, the incoming traffic packets (26/28) are sorted in accordance with Zipf's Law and a sorted distribution is created. The sorted distribution is compared with the first distribution. The incoming traffic packets (28) in the sorted distribution that are not consistent with the first distribution are discarded. A second distribution is then built in accordance with Benford's Law using the incoming traffic packets (28) in the sorted distribution excluding the discarded incoming traffic packets.
Type:
Grant
Filed:
January 15, 2018
Date of Patent:
November 30, 2021
Assignee:
HYPRFIRE PTY LTD
Inventors:
Mihai Mugurel Lazarescu, Sie Teng Soh, Subhash Kak, Stefan Prandl