Optimization of classifier parameters when processing statistical characteristics of network packet metadata

Purpose of research. The article considers the possibility of increasing the probability of correct authentication of a remote message source based on the analysis of metadata of the network packets it generates. The purpose of this purpose is to develop a method for classifying authentic network packets based on the analysis of statistical characteristics of the packet arrival time and to optimize the classifier parameters to achieve maximum accuracy in determining authentic packet sequences.
Methods. The study applies methods of analyzing high-order moments of interpacket intervals, as well as logistic regression for classifying packets. The parameters of excess and asymmetry calculated based on samples of time intervals formed by the arrival of packets are used. A classifier based on minimizing the distance from pairs of values (asymmetry and excess coefficients) to a parabola corresponding to the Poisson distribution is developed.
Results. Samples with a power of 10⁴ with calculated pairs of excess and asymmetry coefficients were formed. The obtained results show that for the maximum possible classification accuracy (82-84%), the optimal parabola parameters are: a ≈ 1.0, c = 8–9. ROC curves were analyzed for different sets of parameters, which confirmed the linearity of the dependence of the proportion of true positive results on the proportion of false positives.
Conclusion. The results of the study confirmed the possibility of increasing the reliability of network packet authentication by using high-order moments of time interval data, which demonstrates the effectiveness of the proposed method. The main conclusions include the need for careful tuning of the classifier parameters to optimize the authentication process. Since the proposed method exhibits high sensitivity to changes in distributions, this opens up new directions for further research in the field of wireless network security.

1. Biswajit P. An Overview of LoRaWAN. WSEAS Transactions on Communications. 2021;(19):231–239. https://doi.org/10.37394/23204.2020.19

2. Myung L. IEEE 802.15.5 WPAN mesh standard-low rate part: Meshing the wireless sensor networks. IEEE Journal on Selected Areas in Communications. 2010;(28):973–983. https://doi.org/10.1109/JSAC.2010.100902

3. Tanygin M.O., Goncharov A.S. Investigation of the characteristics of LoRaWAN networks. Telekommunikatsii = Telecommunications. 2023;(3):32–39. (In Russ.) https://doi.org/10.31044/1684-2588-2023-0-3-32-39

4. Khorov E., Kiryanov A., Lyakhov A., Bianchi G. A tutorial on IEEE 802.11ax high efficiency WLANs. IEEE Communications Surveys and Tutorials. 2019;21(1):197–216. https://doi.org/10.1109/COMST.2018.2871099

5. Ferguson N., Schneier B., Kohno T. Block Cipher Modes. Cryptography Engineering: Design Principles and Practical Applications. Indianapolis: Wiley Publishing Inc.; 2015. P. 63–76. https://doi.org/10.1002/9781118722367.ch4

6. Binoy K.R. Cybersecurity: Fast Encryption Cipher Block Chaining Mode (FCBC Mode) for Time Series Data. Journal of Mathematical & Computer Applications. 2024;3:1–3. https://doi.org/10.47363/JMCA/2024(3)E128

7. Lixiang L. An efficient secure data transmission and node authentication scheme for wireless sensing networks. Journal of Systems Architecture. 2022;(133):102760. https://doi.org/0.1016/j.sysarc.2022.102760

8. Bo Liang, Wenling Wu, Liting Zhang. BCBC: A More Efficient MAC Algorithm. In: Information Security Practice and Experience: 7th International Conference. 2011. Guangzhou, China. Berlin: Springer; 2011. https://doi.org/10.1007/978-3-642-21031-0_18

9. Nikeshin A.V., Shnitman V.Z. Review of the extensible authentication protocol and its methods. Trudy Instituta sistemnogo programmirovaniya RAN = Proceedings of the Institute of System Programming of the Russian Academy of Sciences. 2018;30(2):113–148. (In Russ.) https://doi.org/10.15514/ISPRAS-2018-30(2)-7

10. Plugatarev A.V. A model for determining the source of messages based on statistical analysis of metadata in an open communication channel. Prikaspiiskii zhurnal: upravlenie i vysokie tekhnologii = Caspian Journal: Management and High Technologies. 2022;4:30–37. (In Russ.) https://doi.org/10.54398/20741707_2022_4_30

11. Tanygin M.O. Restoring the order of information packets based on the analysis of hash sequences. Izvestiya Yugo-Zapadnogo gosudarstvennogo universiteta = Proceedings of the Southwest State University. 2020;24(1):175–188. (In Russ.) https://doi.org/10.21869/2223-1560-2020-24-1-175-188

12. Plugatarev A.V., Tanygin M.O. Model for Determining the Message Source by Analyzing Their Arrival Time. In: 2022 International Russian Automation Conference (RusAutoCon). Sochi; 2022. P. 388–392. https://doi.org/10.1109/RusAutoCon54946.2022.9896326

13. Tanygin M.O., Mitrofanov A.V., Plugatarev A.V. Using statistical characteristics of message flows to increase the reliability of their source authentication. Telekommunikatsii = Telecommunications. 2023;(2):2–8. (In Russ.) https://doi.org/10.31044/1684-2588-2023-0-2-2-8

14. Zhukova G.N. Map of coefficients of asymmetry and excess in teaching probability theory and mathematical statistics. Nauchno-metodicheskii elektronnyi zhurnal Kontsept = Scientific and Methodological Electronic Journal Concept. 2015;(8):56–60. (In Russ.)

15. Orlov A.I. A system of models and methods for checking the uniformity of two independent samples. Politematicheskii setevoi elektronnyi nauchnyi zhurnal Kubanskogo gosudarstvennogo agrarnogo universiteta = Polythematic Online Electronic Scientific Journal of the Kuban State Agrarian University. 2020;(157):145–169. (In Russ.) https://doi.org/10.21515/1990-4665-157-012

16. Orlov A.I. On methods of checking the uniformity of two independent samples // Factory laboratory. Diagnostika materialov = Diagnostics of Materials. 2020;86(3):67–76. (In Russ.) https://doi.org/10.26896/1028-6861-2020-86-3-67-76

17. Zhukova G.N. Identification of distribution by coefficients of skewness and kurtosis. Avtomatizatsiya. Sovremennye tekhnologii = Automation. Modern Technologies. 2016;(5):26–33. (In Russ.)

18. Kerimov K.F., Azizova Z.I. Network traffic analysis using machine learning algorithms in an automated information system for rapid response to information security incidents and network traffic filtering. Elektronnyi nauchnyi zhurnal «Potomki Al'-Fargani» Ferganskogo filiala TATU imeni Mukhammada Al'-Khorazmi = The electronic scientific journal «Descendants of Al-Fargani» of the Fergana Branch of the Muhammad Al-Khorazmi TATU. 2024;1(2):281–285. (In Russ.)

19. Kostin D.V., Shelukhin O.I. Comparative analysis of machine learning algorithms for classifying network encrypted traffic. T-Comm – Telekommunikatsii i transport = T-Comm – Telecommunications and Transport. 2016;10(9):43–52. (In Russ.)

20. Tanygin M.O., Dobritsa V.P., Mitrofanov A.V., Akhmat H.I. Mathematical interpretation of the results of cognitive analysis of metadata network packets. Izvestiya Yugo-Zapadnogo gosudarstvennogo universiteta = Proceedings of the Southwest State University. 2023;27(3):66–78. (In Russ.) https://doi.org/10.21869/2223-1560-2023-27-3-66-78