METHODOLOGY OF EARLY DETECTION OF DDOS ATTACKS TO PROTECT INFORMATION INFRASTRUCTURE OBJECTS

Information security application
Authors:
Abstract:

This paper considers an approach to detecting the onset of a DDoS attack using statistical
methods that take seasonality into account. The standard practice of setting limits on the
number of requests has a number of disadvantages, associated with random triggering and with
the varying load on the web resource depending on the time of day and the day of the week.
To optimize the process, it is proposed to use a floating estimate that characterizes current
network activity, based on the standard deviation (RMS) and taking seasonal fluctuations into
account. A k-means clustering method for distributing client requests is also proposed. The
algorithm selects two clusters from mixed traffic: the first is a set of legitimate requests,
the second is a set of malicious requests. Introducing the proposed technique into a protection
system, taking into account the seasonality of DDoS attacks for various types of infrastructure
objects, can increase the efficiency of detecting such attacks without increasing resource
intensity.
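
The floating, seasonality-aware limit described in the abstract can be sketched as follows. This is an added illustration, not the authors' algorithm or code: the hour-of-week slots, the multiplier k = 3, the function names and the request history are all assumptions constructed for the example.

```python
import math
import random
from collections import defaultdict

def seasonal_baseline(history):
    """Map each (weekday, hour) slot to the (mean, std) of its past request counts."""
    slots = defaultdict(list)
    for weekday, hour, count in history:
        slots[(weekday, hour)].append(count)
    baseline = {}
    for slot, counts in slots.items():
        mean = sum(counts) / len(counts)
        variance = sum((c - mean) ** 2 for c in counts) / len(counts)
        baseline[slot] = (mean, math.sqrt(variance))
    return baseline

def floating_limit(baseline, weekday, hour, k=3.0, min_std=1.0):
    """Limit for one slot: seasonal mean plus k standard deviations (k is assumed)."""
    mean, std = baseline[(weekday, hour)]
    return mean + k * max(std, min_std)  # min_std avoids a zero-width band

def exceeds_floating_limit(baseline, weekday, hour, count, k=3.0):
    return count > floating_limit(baseline, weekday, hour, k)

def constructed_history(weeks=8, seed=7):
    """Constructed sample data: weekday office hours are ~10x busier than other slots."""
    rng = random.Random(seed)
    history = []
    for _ in range(weeks):
        for weekday in range(7):          # 0 = Monday
            for hour in range(24):
                base = 1000 if (weekday < 5 and 9 <= hour < 18) else 100
                jitter = rng.randint(-(base // 10), base // 10)
                history.append((weekday, hour, base + jitter))
    return history

BASELINE = seasonal_baseline(constructed_history())
TIGHT_STATIC_LIMIT = 150    # sized for quiet hours: fires on normal daytime load
LOOSE_STATIC_LIMIT = 1200   # sized for the peak: blind to a surge at night

if __name__ == "__main__":
    for label, weekday, hour, count in [("normal Monday 10:00", 0, 10, 900),
                                        ("surge Sunday 03:00", 6, 3, 600)]:
        print(label, count,
              "tight static:", count > TIGHT_STATIC_LIMIT,
              "loose static:", count > LOOSE_STATIC_LIMIT,
              "floating:", exceeds_floating_limit(BASELINE, weekday, hour, count))
```

On this constructed data neither static limit handles both cases, while the per-slot limit stays quiet on normal Monday load and flags the Sunday night surge.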