<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE root>
<article xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ali="http://www.niso.org/schemas/ali/1.0/" article-type="review-article" dtd-version="1.2" xml:lang="en"><front><journal-meta><journal-id journal-id-type="publisher-id">Informacionnye Tehnologii</journal-id><journal-title-group><journal-title xml:lang="en">Informacionnye Tehnologii</journal-title><trans-title-group xml:lang="ru"><trans-title>Информационные технологии</trans-title></trans-title-group></journal-title-group><issn publication-format="print">1684-6400</issn><publisher><publisher-name xml:lang="en">New Technologies Publishing House</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="publisher-id">702191</article-id><article-id pub-id-type="doi">10.17587/it.31.72-79</article-id><article-categories><subj-group subj-group-type="toc-heading" xml:lang="en"><subject>Information security</subject></subj-group><subj-group subj-group-type="toc-heading" xml:lang="ru"><subject>Безопасность информации</subject></subj-group><subj-group subj-group-type="article-type"><subject>Review Article</subject></subj-group></article-categories><title-group><article-title xml:lang="en">Review and analysis of intelligent methods of critical information infrastructure protection on the example of the financial sector of the Russian Federation</article-title><trans-title-group xml:lang="ru"><trans-title>Обзор и анализ интеллектуальных методов защиты критической информационной инфраструктуры на примере финансового сектора Российской Федерации</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author"><name-alternatives><name xml:lang="en"><surname>Palchevsky</surname><given-names>E. V.</given-names></name><name xml:lang="ru"><surname>Пальчевский</surname><given-names>Е. 
В.</given-names></name></name-alternatives><address><country country="RU">Russian Federation</country></address><bio xml:lang="en"><p>Senior Lecturer</p></bio><bio xml:lang="ru"><p>ст. преподаватель</p></bio><email>teelxp@inbox.ru</email><xref ref-type="aff" rid="aff1"/></contrib><contrib contrib-type="author"><name-alternatives><name xml:lang="en"><surname>Antonov</surname><given-names>V. V.</given-names></name><name xml:lang="ru"><surname>Антонов</surname><given-names>В. В.</given-names></name></name-alternatives><address><country country="RU">Russian Federation</country></address><bio xml:lang="en"><p>Dr. Sci. (Tech.), Professor</p></bio><bio xml:lang="ru"><p>д-р техн. наук, проф.</p></bio><email>antonov.v@bashkortostan.ru</email><xref ref-type="aff" rid="aff2"/></contrib></contrib-group><aff-alternatives id="aff1"><aff><institution xml:lang="en">Financial University under the Government of the Russian Federation</institution></aff><aff><institution xml:lang="ru">Финансовый университет при Правительстве Российской Федерации</institution></aff></aff-alternatives><aff-alternatives id="aff2"><aff><institution xml:lang="en">Ufa University of Science and Technology</institution></aff><aff><institution xml:lang="ru">Уфимский университет науки и технологий</institution></aff></aff-alternatives><pub-date date-type="pub" iso-8601-date="2025-02-15" publication-format="electronic"><day>15</day><month>02</month><year>2025</year></pub-date><volume>31</volume><issue>2</issue><issue-title xml:lang="en"/><issue-title xml:lang="ru"/><fpage>72</fpage><lpage>79</lpage><history><date date-type="received" iso-8601-date="2026-02-04"><day>04</day><month>02</month><year>2026</year></date></history><permissions><copyright-statement xml:lang="en">Copyright © 2025, Informacionnye Tehnologii</copyright-statement><copyright-statement xml:lang="ru">Copyright © 2025, Информационные технологии</copyright-statement><copyright-year>2025</copyright-year><copyright-holder 
xml:lang="en">Informacionnye Tehnologii</copyright-holder><copyright-holder xml:lang="ru">Информационные технологии</copyright-holder></permissions><self-uri xlink:href="https://journals.eco-vector.com/1684-6400/article/view/702191">https://journals.eco-vector.com/1684-6400/article/view/702191</self-uri><abstract xml:lang="en"><p>In recent years, cyberattacks, including DDoS attacks, on the critical information infrastructure of the Russian Federation have resulted in financial losses for companies, enterprises, individuals, universities and even hospitals. The damage reaches trillions of roubles, and on average, each large online shop that has been attacked can lose up to 600,000 roubles a day. And this is despite the fact that most companies have their own equipment and software to detect and filter DDoS attacks, or use the services of providers/data centres.</p> <p>The main reason is that not all companies, providers and data centres have sufficient capacity to filter DDoS attacks of various kinds and types. In addition, an equally important reason is the misconfiguration of physical servers and network equipment ranging from switches to software-defined networks (SDNs)/content delivery networks (CDNs).</p> <p>Thus, given the importance and necessity of ensuring the availability of critical information infrastructure in the era of digital economy, this paper presents a comprehensive systematic review of DDoS attack types and their intelligent filtering techniques.</p> <p>The main findings and results of this study open up the possibility of implementing next-generation systems based on neural networks and computational clusters to analyse network traffic and detect DDoS attacks. 
In addition, these systems will help to solve existing critical problems, the main ones being the speed of response to emerging cyberattacks and the quality of filtering unauthorised network traffic.</p></abstract><trans-abstract xml:lang="ru"><p>За последние годы кибератаки, в том числе и DDoS-атаки, на критическую информационную инфраструктуру Российской Федерации привели к финансовым потерям компаний, предприятий, частных лиц, университетов и даже больниц. Ущерб достигает триллионов рублей, при этом в среднем каждый крупный онлайн-магазин, подвергающийся атакам, может терять до 600 тысяч рублей в сутки. И это при том, что большинство компаний имеют собственное аппаратно-программное обеспечение по обнаружению и фильтрации DDoS-атак, либо пользуются услугами провайдеров/центров обработки данных.</p> <p>Основная причина заключается в том, что не у всех компаний, провайдеров и центров обработки данных есть достаточные мощности для фильтрации DDoS-атак различных видов и типов. Более того, не менее важной причиной является неправильная конфигурация физических серверов и сетевого оборудования, начиная от коммутаторов и заканчивая программно-определяемыми сетями (SDN)/сетями доставки контента (CDN).</p> <p>C учетом важности и необходимости обеспечения доступности критической информационной инфраструктуры в эпоху цифровой экономики представлен всесторонний системный обзор типов DDoS-атак и методов их интеллектуальной фильтрации.</p> <p>Основные выводы и результаты данного исследования открывают возможность внедрения основанных на нейронных сетях и вычислительных кластерах систем нового поколения анализа сетевого трафика и обнаружения DDoS-атак. 
Более того, данные системы позволят решить и существующие критические проблемы, основными из которых являются скорость реагирования на возникающие кибератаки и качество фильтрации несанкционированного сетевого трафика.</p></trans-abstract><kwd-group xml:lang="en"><kwd>DDoS attacks</kwd><kwd>DDoS attack filtering</kwd><kwd>unauthorised network traffic</kwd><kwd>DDoS attack protection</kwd><kwd>intelligent methods of DDoS attack protection</kwd></kwd-group><kwd-group xml:lang="ru"><kwd>DDoS-атаки</kwd><kwd>фильтрация DDoS-атак</kwd><kwd>несанкционированный сетевой трафик</kwd><kwd>защита от DDoS-атак</kwd><kwd>интеллектуальные методы защиты от DDoS-атак</kwd></kwd-group><funding-group><award-group><funding-source><institution-wrap><institution xml:lang="en">Government of RF</institution></institution-wrap><institution-wrap><institution xml:lang="ru">Правительство РФ</institution></institution-wrap></funding-source></award-group><funding-statement xml:lang="en">The article is based on the results of research carried out at the expense of budgetary funds under the state assignment of Finuniversity (Financial University under the Government of the Russian Federation).</funding-statement><funding-statement xml:lang="ru">Статья подготовлена по результатам исследований, выполненных за счет бюджетных средств по государственному заданию Финуниверситета.</funding-statement></funding-group></article-meta></front><body></body><back><ref-list><ref id="B1"><label>1.</label><mixed-citation>Souiden I., Omri M., Brahmi Z. A survey of outlier detection in high dimensional data streams, Computer Science Review, vol. 44, pp. 100463.</mixed-citation></ref><ref id="B2"><label>2.</label><mixed-citation>CloudFlare Report, available at: https://blog.cloudflare.com/ddos-attack-trends-for-2022-q1/ (accessed: 10.03.2024).</mixed-citation></ref><ref id="B3"><label>3.</label><mixed-citation>TAdviser Information Technology Resource, available at: https://www.tadviser.ru/index.php/Статья:Безопасность_критической_информационной_инфраструктуры_РФ (accessed: 11.03.2024).</mixed-citation></ref><ref id="B4"><label>4.</label><mixed-citation>CloudFlare Report, available at: https://blog.cloudflare.com/ddos-threat-report-2023-q4 (accessed: 11.03.2024).</mixed-citation></ref><ref id="B5"><label>5.</label><mixed-citation>Klimenko T. M., Akzhigitov R. R. Overview of methods for detecting distributed denial-of-service attacks based on machine learning and deep learning, International Journal of Open Information Technologies, 2023, vol. 11, no. 6, pp. 46—66 (in Russian).</mixed-citation></ref><ref id="B6"><label>6.</label><mixed-citation>Kponyo J. J., Agyemang J. O., Klogo G. S., Boateng J. O. Lightweight and host-based denial of service (DoS) detection and defense mechanism for resource-constrained IoT devices, Internet of Things (Netherlands), 2020, vol. 12, pp. 100319, doi: 10.1016/j.iot.2020.100319.</mixed-citation></ref><ref id="B7"><label>7.</label><mixed-citation>NG S. DDoSMitigator: An On-The-Fly Method of Mitigating Denial of Service Attack in Software Defined Networking, International Journal for Research in Applied Science and Engineering Technology, 2022, vol. 10, no. 12, pp. 404—420, doi: 10.22214/ijraset.2022.47885.</mixed-citation></ref><ref id="B8"><label>8.</label><mixed-citation>Sukhoparov M. E., Lebedev I. S., Salakhutdinova K. I. Method for identifying the information security status of internet of things devices, Informazionnye tehnologii, 2021, vol. 27, no. 2, pp. 72—77, doi: 10.17587/it.27.72-77 (in Russian).</mixed-citation></ref><ref id="B9"><label>9.</label><mixed-citation>Noskov S. I., Vergasov A. S. Regression model of structural factors of cyber threats, Software engineering, 2020, vol. 11, no. 4, pp. 
251—256, doi: 10.17587/prin.11.251-256 (in Russian).</mixed-citation></ref><ref id="B10"><label>10.</label><mixed-citation>Drachev G. A. Development of an algorithm for extracting and encoding data from computing system log messages for anomaly detection systems, Informazionnye tehnologii, 2023, vol. 29, no. 7, pp. 351—359, doi: 10.17587/it.29.351-359 (in Russian).</mixed-citation></ref><ref id="B11"><label>11.</label><mixed-citation>Abramov A. G., Evseev A. V. Conceptual aspects of creating a new generation national research computer network in the Russian Federation, Informazionnye tehnologii, 2019, vol. 25, no. 12, pp. 724—733, doi: 10.17587/it.25.724-733 (in Russian).</mixed-citation></ref><ref id="B12"><label>12.</label><mixed-citation>Sokolovsky S. P. Parametric optimisation of information systems in solving the problem of network connectivity management with network reconnaissance tools, Informazionnye tehnologii, 2022, vol. 28, no. 6, pp. 302—308, doi: 10.17587/it.28.302-308 (in Russian).</mixed-citation></ref><ref id="B13"><label>13.</label><mixed-citation>Gangula R., Mohan V. M., Kumar R. A comprehence study of DDoS attack detecting algorithm using GRU-BWFA classifier, Measurement: Sensors, 2022, vol. 24, p. 100570, doi: 10.1016/j.measen.2022.100570.</mixed-citation></ref><ref id="B14"><label>14.</label><mixed-citation>Guts A. K. Mathematical differential game model of a computer system and its defence against DDoS-attacks, Journal of Physics: Conference Series: 15, 09—11 November 2021, Online, 2022, pp. 012021, doi: 10.1088/1742-6596/2182/1/012021.</mixed-citation></ref><ref id="B15"><label>15.</label><mixed-citation>Khristodulo O. I., Palchevsky E. V. Development of a self-learning method of a pulse neural network for DDoS attack defence, Software &amp; Systems, 2019, no. 3, pp. 
41—432 (in Russian).</mixed-citation></ref><ref id="B16"><label>16.</label><mixed-citation>Cisco Products, available at: https://www.cisco.com/c/en/us/products/index.html (accessed: 15.03.2024).</mixed-citation></ref><ref id="B17"><label>17.</label><mixed-citation>СКАТ DPI, available at: https://vasexperts.ru/products/skat/ (accessed: 15.03.2024).</mixed-citation></ref><ref id="B18"><label>18.</label><mixed-citation>PROTEI DPI, available at: https://protei.ru/sites/default/files/2021-10/L_DPI_2020_rus.pdf (accessed: 15.03.2024).</mixed-citation></ref><ref id="B19"><label>19.</label><mixed-citation>Napa Labs, available at: https://napalabs.ru/ (accessed: 15.03.2024).</mixed-citation></ref><ref id="B20"><label>20.</label><mixed-citation>Sandvine, available at: https://www.sandvine.com/ (accessed: 16.03.2024).</mixed-citation></ref><ref id="B21"><label>21.</label><mixed-citation>Huawei Enterprise Network, available at: https://e.huawei.com/en/solutions/enterprise-network (accessed: 16.03.2024).</mixed-citation></ref><ref id="B22"><label>22.</label><mixed-citation>Netscout Arbor, available at: https://www.netscout.com/arbor (accessed: 16.03.2024).</mixed-citation></ref><ref id="B23"><label>23.</label><mixed-citation>Juniper Networks, available at: https://www.juniper.net/ (accessed: 16.03.2024).</mixed-citation></ref><ref id="B24"><label>24.</label><mixed-citation>Xie L., Yuan B., Yang H., Hu Z., Jiang L., Zhang L., Cheng X. MRFM: A timely detection method for DDoS attacks in IoT with multidimensional reconstruction and function mapping, Computer Standards &amp; Interfaces, 2024, vol. 89, pp. 103829, doi: j.csi.2023.103829.</mixed-citation></ref><ref id="B25"><label>25.</label><mixed-citation>Jaszcz A., Połap D. AIMM: Artificial Intelligence Merged Methods for flood DDoS attacks detection, Journal of King Saud University Computer and Information Sciences, 2022, vol. 34, iss. 10, part A, pp. 
8090—8101, doi: j.jksuci.2022.07.021.</mixed-citation></ref><ref id="B26"><label>26.</label><mixed-citation>Coscia A., Dentamaro V., Galantucci S., Maci A., Pirlo G. Automatic decision tree-based NIDPS ruleset generation for DoS/DDoS attacks, Journal of Information Security and Applications, 2024, vol. 82, pp. 103736, doi: j.jisa.2024.103736.</mixed-citation></ref><ref id="B27"><label>27.</label><mixed-citation>Kotenko I. V., Saenko I. B., Lauta O. S., Kribel A. M. Methodology of anomaly detection and cyberattacks based on the integration of fractal analysis and machine learning methods, Informatics and Automation, 2022, vol. 21, no. 6, pp. 1328—1358, doi: 10.15622/ia.21.6.9 (in Russian).</mixed-citation></ref><ref id="B28"><label>28.</label><mixed-citation>Vulfin A. M. Detection of network attacks in a heterogeneous industrial network on the basis of machine learning technologies, Software, 2022, vol. 13, no. 2, pp. 68—80, doi: 10.17587/prin.13.68-80 (in Russian).</mixed-citation></ref><ref id="B29"><label>29.</label><mixed-citation>Kozachok A. V., Spirin A. A. Model of pseudorandom sequences formed by the algorithms of data encryption and compression, Programming, 2021, no. 4, pp. 31—44, doi: 10.31857/S0132347421040051 (in Russian).</mixed-citation></ref><ref id="B30"><label>30.</label><mixed-citation>Koryakova V. A. Detection of distributed attacks of the "denial of service" type, Mathematical Methods in Technology and Engineering, 2021, no. 5, pp. 105—108, doi: 10.52348/2712-8873_MMTT_2021_5_105 (in Russian).</mixed-citation></ref><ref id="B31"><label>31.</label><mixed-citation>Sharif D. M., Beitollahi H. Detection of application-layer DDoS attacks using machine learning and genetic algorithms, Computers &amp; Security, 2023, vol. 135, p. 103511, doi: 10.1016/j.cose.2023.103511.</mixed-citation></ref><ref id="B32"><label>32.</label><mixed-citation>Hossain A. M., Islam M. S. 
Enhancing DDoS attack detection with hybrid feature selection and ensemble-based classifier: A promising solution for robust cybersecurity, Measurement: Sensors, 2024, vol. 32, pp. 101037, doi: 10.1016/j.measen.2024.101037.</mixed-citation></ref><ref id="B33"><label>33.</label><mixed-citation>Sergadeeva A. I., Lavrova D. S. Application of a modular neural network for DDOS-attack detection, Problems of information security. Computer systems, 2023, no. 1 (53), pp. 111—118, doi: 10.48612/jisp/65d1-nu8m-8euv.</mixed-citation></ref><ref id="B34"><label>34.</label><mixed-citation>Palchevsky E. V., Khalikov A. R. Development of a remote client for automated data transfer in UNIX-like systems, Software Products and Systems, 2019, no. 1, pp. 092—102.</mixed-citation></ref><ref id="B35"><label>35.</label><mixed-citation>Palchevsky E. V., Antonov V. V., Rodionova L. E., Kromina L. A. Development of a self-learning spike neural network for proactive response to external information impacts of different nature, International Journal of Open Information Technologies, 2022, vol. 10, no. 7, pp. 74—85 (in Russian).</mixed-citation></ref><ref id="B36"><label>36.</label><mixed-citation>Hnamte V., Najar A. A., Nhung-Nguyen H., Hussain J., Sugali M. N. DDoS attack detection and mitigation using deep neural network in SDN environment, Computers &amp; Security, 2024, vol. 138, pp. 103661, doi: 10.1016/j.cose.2023.103661.</mixed-citation></ref><ref id="B37"><label>37.</label><mixed-citation>Yungaicela-Naula N. M., Vargas-Rosales C., Perez-Diaz J. A. SDN/NFV-based framework for autonomous defense against slow-rate DDoS attacks by using reinforcement learning, Future Generation Computer Systems, 2023, vol. 149, pp. 637—649, doi: 10.1016/j.future.2023.08.007.</mixed-citation></ref></ref-list></back></article>
