Detection of anomalous network behavior based on one-way delay measurements.

Bibliographic Details
Title: Detection of anomalous network behavior based on one-way delay measurements.
Authors: Sagatov, E. S., Chernysh, D. P., Mayhoub, S., Sukhov, A. M.
Source: Discover Internet of Things; 11/10/2025, Vol. 5 Issue 1, p1-16, 16p
Subject Terms: DENIAL of service attacks, ANOMALY detection (Computer security), COMPUTER network monitoring, NETWORK performance, ROUTING (Computer network management), TIME measurements
Abstract: A global network monitoring system measuring IP network performance metrics (IPPM) is presented, which is proposed for use in network security. The monitoring system measures network latency and related values. The dependence of IPPM on the power of a DDoS attack is used to determine the moment of the attack. Another method of attack detection is to study changes in routes between measurement nodes. A change in route is accompanied by a sudden change in one-way delay (OWD). Recent reviews on OWD recommend the use of the One-way Active Measurement Protocol (OWAMP protocol). Studies have shown that using the OWAMP protocol to measure OWD gives two different results for the same route. An updated mechanism for measuring one-way delay has been proposed. The novelty of the method lies in the use of a new type of timestamp, which is set directly at the moment of sending and receiving the measurement packet. A new measurement utility has been created that eliminates measurement errors. Article Highlights: One-way delay metrics effectively identify network attacks like DDoS through sudden performance shifts. New timestamp types in OWD tools eliminate key measurement issues and improve result accuracy. Sudden delay variations highlight potential routing issues, necessitating thorough route verification. [ABSTRACT FROM AUTHOR]
Copyright of Discover Internet of Things is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Complementary Index
ISSN: 27307239
DOI: 10.1007/s43926-025-00242-1