Tensor methods for increasing the resilience of digital ecosystems to DDoS attacks: an integrated approach based on CP-decomposition and entropy analysis

The article discusses a method for detecting DDoS attacks in digital ecosystems using tensor analysis and entropy metrics. Network traffic is formalized as a 4D tensor with the following dimensions: IP addresses, timestamps, request types, and countries of origin. The CP decomposition with rank 3 is used to analyze the data, which allows revealing hidden patterns in traffic. An algorithm for calculating the anomaly score (AS) is developed, which takes into account the factor loadings of the tensor decomposition and the entropy of time distributions. Experiments on real data have shown that the proposed method provides 92 % attack detection accuracy with a false positive rate of 1.2 %. Compared to traditional signature-based methods, the accuracy increased by 35 %, and the number of false positives decreased by 86 %. The method has proven effective in detecting complex low-rate attacks that are difficult to detect by standard methods. The results of the study can be useful for protecting various digital ecosystems, including financial services, telecommunication networks, and government platforms. The proposed approach expands the capabilities of network traffic analysis and can be integrated into modern cybersecurity systems. Further research could be aimed at optimizing the computational complexity of the algorithm and adapting the method to different types of network infrastructures.

1. Kolda T.G., Bader B.W. Tensor Decompositions and Applications. SIAM Review. 2009;51(3):455–500. https://doi.org/10.1137/07070111X

2. Cichocki A., Zdunek R., Phan A.H., Amari Sh.-I. Nonnegative Matrix and Tensor Factorizations: Applications to Exploratory Multi-Way Data Analysis and Blind Source Separation. Singapore: John Wiley & Sons; 2009. 504 p.

3. Anandkumar A., Ge R., Hsu D., Kakade Sh.M., Telgarsky M. Tensor Decompositions for Learning Latent Variable Models. Journal of Machine Learning Research. 2014;15:2773–2832. https://doi.org/10.1007/978-3-319-24486-0_2

4. Sun T., Sun X.-M. New Results on Classification Modeling of Noisy Tensor Datasets: A Fuzzy Support Tensor Machine Dual Model. IEEE Transactions on Systems, Man, and Cybernetics: Systems. 2022;52(8):5188–5200. https://doi.org/10.1109/TSMC.2021.3119422

5. Panagakis Ya., Kossaifi J., Chrysos G.G., et al. Tensor Methods in Computer Vision and Deep Learning. Proceedings of the IEEE. 2021;109(5):863–890. https://doi.org/10.1109/JPROC.2021.3074329

6. Wang Q., Chen L., Wang Q., Zhu H., Wang X. Anomaly-Aware Network Traffic Estimation via Outlier-Robust Tensor Completion. IEEE Transactions on Network and Service Management. 2020;17(4):2677–2689. https://doi.org/10.1109/TNSM.2020.3024932

7. Ramenskaya L.A. Ecosystem Approach to the Analysis of Business Architecture Objects. Fundamental Research. 2022;(10–1):147–152. (In Russ.). https://doi.org/10.17513/fr.43358

8. Ramenskaya L.A. Overview of Approaches to Research of Business Ecosystems. Vestnik Altaiskoi akademii ekonomiki i prava. 2019;(12–2):153–158. (In Russ.). https://doi.org/10.17513/vaael.890

9. Orekhov A.V., Orekhov A.A. Network Traffic Anomalies Automatic Detection in DDoS Attacks. Vestnik of Saint Petersburg University. Applied Mathematics. Computer Science. Control Processes. 2023;19(2):251–263. (In Russ.). https://doi.org/10.21638/11701/spbu10.2023.210

10. Mishin A.E. Using Machine Learning to Predict Cyber Attacks. Hi-Hume Journal. 2023;(3):80–89. (In Russ.).

11. Kulmamirov S.A., Baimamanova A.A. Current State of DDoS Attack Detection and Counteraction. Aktual'nye nauchnye issledovaniya v sovremennom mire. 2020;(4–2):50–57. (In Russ.).

12. Voevodin V.A., Chernyaev V.S., Burenok D.S., Vinogradov I.V. Assessment Methodology for Security of an Automated Control System of Critical Information Infrastructure Against DDoS Attacks Based on Monte Carlo Simulation. Herald of Dagestan State Technical University. Technical Sciences. 2023;50(1):62–74. (In Russ.). https://doi.org/10.21822/2073-6185-2023-50-1-62-74