Formalized of Model of Linear Kind for Differentiate Distributed Network Attacks on the Basis of a Weight Coefficients

: This study discusses the problem distributed network attacks, formalized of model of linear kind for differentiate distributed network attacks on the basis of a weight coefficients Structured the formalized mathematical models allow to consider structure of the On network to a basis big percent, a measure of influence of each type of attack that gives the fine chance effectively to design to protect information system taking into account information on threats. Based on classification of information threats, characteristic for distributed network attacks it is offered the formalized models of a linear look for differentiation of attacks on the basis of a method of weight coefficients. By these indicators and coefficients it is possible to define the main types of threats in computer systems allowing to design effectively systems of information security taking into account information threats.


INTRODUCTION
The most common type of Denial of Service attack involves flooding the target resource with external communication requests. This overload prevents the resource from responding to legitimate traffic, or slows its response so significantly that it is rendered effectively unavailable.
Resources targeted in a DoS attack can be a specific computer, a port or service on the targeted system, an entire network, a component of a given network any system component. DoS attacks may also target human-system communications (e.g., disabling an alarm or printer), or human-response systems (e.g., disabling an important technician's phone or laptop).
The growth of cyber crime in recent years, allows unauthorized access to the resources of computer networks. Among the most widespread numerous attacks of malefactors to on computer networks is a interruption and distortions of a package traffic. The most devastating attack in today's time is an attack aimed at denial of service of legal services. In this case the initiator of attacks compromises knot user, operating its resources, for receiving full management of knot. The initiator of attacks directs a large number of a counterfeit traffic to knot user, consuming thus the capacity of essential volume that leads to impossibility to serve a legitimate traffic. To such class belong of attacks DoS (Denial of Service), DDoS (Distributed Denial of Service), DRDoS (Distributed Reflection Denial of Service) (Apiecionek et al., 2015).
Computer network providing every opportunity for exchanging data between the client and server, but now widely distributed attack denial of service clients, the determination of distributed attacks in the network is particularly acute. The most common types of such attacks are DoS/DDoS/DRDoS attacks, which deny certain users of computer network services (Stone, 2000).
"Denial of Service" or "DoS attack" are one of types of network attacks, are intended "to flood" target networks or cars with a large number of a useless traffic, so that overload the attacked machine. The main essence of DoS of attack to make the services working at the target car (for example, the website, the DNS server and so forth) temporarily inaccessible to alleged users. DDoS attacks are usually carried out on a web server on which there are vital services, such as bank services, electronic commerce, processing of personal information, credit cards (Denial-of-Service Attack, 2015).
The most common type of Denial of Service attack involves flooding the target resource with external communication requests. This overload prevents the resource from responding to legitimate traffic, or slows its response so significantly that it is rendered effectively unavailable (Ioannidis and Bellovin, 2002).
Resources targeted in a DoS attack can be a specific computer, a port or service on the targeted system, an entire network, a component of a given network any system component. DoS attacks may also target human-system communications (e.g., disabling an alarm or printer), or human-response systems (e.g., disabling an important technician's phone or laptop) (Dean et al., 2001).
DoS attacks can also target tangible system resources, such as computational resources (bandwidth, disk space, processor time); configuration information (routing information, etc.); state information (for example, unsolicited TCP session resetting). Moreover, a DoS attack can be designed to: execute malware that maxes out the processor, preventing usage; trigger errors in machine microcode or sequencing of instructions, forcing the computer into an unstable state; exploit operating system vulnerabilities to sap system resources; crash the operating system altogether (Deepthi et al., 2015).
DDoS-attack the distributed attack like refusal in service which is one of the most widespread and dangerous network attacks.
DDOS is a type of DOS attack where multiple compromised systems-which are usually infected with a Trojan are used to target a single system causing a Denial of Service (DoS) attack. Victims of a DDoS attack consist of both the end targeted system and all systems maliciously used and controlled by the hacker in the distributed attack (Elliott, 2000).
DDoS attack, the incoming traffic flooding the victim originates from many different sourcespotentially hundreds of thousands or more. This effectively makes it impossible to stop the attack simply by blocking a single IP address; plus, it is very difficult to distinguish legitimate user traffic from attack traffic when spread across so many points of origin (Lee, 2000;Yang et al., 2014).

MATERIALS AND METHODS
To build a system to protect computer networks identified the main types of threats and their impact on network security. On the basis of the classification of known attacks denial of service developed a formal mathematical model of linear species. In this model is used the method of weight factors. The constructed formalized mathematical models of probability of information DoS/DDoS/DRDoS-threats, that define the matrix activity network by which the attack is uniquely determined (Özçelik and Brooks, 2014).
Using the method of weighting coefficients developed a mathematical model of communication of client and server for the differentiation of attacks in computer networks containing probability compromised node number of paths from the access points to the destination. The comparative characteristics of the implementation of Denial of Service client-server system, allows us to distinguish what type of attacks carried out its initiator (Baba and Matsuda, 2002).
In this study we investigate the traffic and the analysis of its volume, which depends on the type of exposure to attacks DoS/DDoS/DRDoS. Describes the characteristics of computer network attacks during a Denial of Service using a large number of compromised nodes, reflecting the growth of generating traffic and significant work client-server system (Szczerba and Volkov, 2013).
For the solution of the task it is necessary to use classification of information threats, DoS/ DDoS/DRDoS of attacks and the formalized models to measure influence on productivity operation of a computer network.
It will allow solving effectively a problem of detection of attacks on access point of a computer network. Construct the formal mathematical models of probability of information threats, DoS/DDoS/DRDoS of attacks on the basis of the linear form by method of weight factors (Bhuyan et al., 2015).
To solve this problem it is advisable to use the classification of information threats and DoS/ DDoS/DRDoS attacks and mathematical models of the level of impact indicators to work a computer network. This will allow the use of indicators and of coefficients and to establish the degree of influence.
Based on the classification of information threats, prompted a formal mathematical model that is used to determine the influence of each parameter on the threat (Deepthi et al., 2015).
Having analyzed classification of DoS/DDoS/ DRDoS of attacks, it is possible to offer the formalized mathematical model which allows defining a level of influence of indexes of attacks on computer networks: P IT = α i (P Konf , P Chel , P Dost ) P DoS = β i (P Smurf , P Fraggle , P SYNFlood , P DNS ) P DDoS = δ i (P Trinoo , P TFN/TFN2K , P Stacheldraht ) (1) P DRDoS = µ i (P Smurf , P Fraggle , P DNS , P SNMP ) computer networks and allow these attacks to take into account in the design and operation of information security systems.
By these indexes and coefficients it i define the main types of threats and their influence of the security level of computer networks allowing to design effectively systems of information security taking into account information threats (  2000).
To solve the task should use the classification of information threats, DoS/DDoS/DRDoS formalized models (2) measure the impact on job performance computer network.
This will effectively solve the problem of detecting attacks on computer network access point. Construct formal mathematical models of probability of information threats, DoS/DDoS/DRDoS on the linear form of the method of weighting coefficients (Li et al., 2008): P_IT_ (P) = α 1 P Konf + α 2 P Chel + α 3 P Dost P_DoS (P) = β 1 P Smurf + β 2 P Fraggle + β 3 P SYNFlood P_DDoS (P) = δ 1 P Trinoo + δ 2 P TFN/TFN2K + δ P_DRDoS (P) = µ 1 P Smurf + µ 2 P Fraggle + µ App. Sci. Eng. Technol., 10(12): 1414-1419 1416 computer networks and allow these attacks to take into account in the design and operation of information By these indexes and coefficients it is possible to define the main types of threats and their influence of the security level of computer networks allowing to design effectively systems of information security taking into account information threats (Savage et al., ould use the classification of DoS/DDoS/DRDoS attacks and formalized models (2) measure the impact on job This will effectively solve the problem of detecting attacks on computer network access point. Construct formal mathematical models of probability of DoS/DDoS/DRDoS attacks based on the linear form of the method of weighting SYNFlood + β 4 P DNS + δ 3 P Stacheldraht + µ 3 P DNS + µ 4 P SNMP (2) These mathematical model defining the matrix network activity, according to which make conclusions These weight factors can be determined by the experimental method. That is, to design architecture of the networks provided in a Fig. 1 and to set intensity of different type of attacks to a network ( 2014).

Probability of information threats
Thus, having taken total quantity of attacks for 100%, it is possible to define, how many processes will belong to each type of attacks. Then the coefficients will be calculated according to the following equation: Dependence of probability weights compromised access points and number of whatever routs: number of paths from the access points to the destination AP to T; total number of probably compromised access points (3) These weight factors can be determined by the experimental method. That is, to design architecture of the networks provided in a Fig. 1 and to set intensity of a network (Bhatia et al., Thus, having taken total quantity of attacks for 100%, it is possible to define, how many processes will belong to each type of attacks. Then the coefficients will be calculated according to the following equation: The research has shown that all types of attacks evenly affecting computer network. With increasing probability kinds of attacks the probability of information threats and DoS/DDoS/DRDoS attack increases directly proportional. The denial of service attack has the greatest impact on network performance. But to discern what kind of attack is practically implemented, these models do not allow (Hautio and Weckstrom, 1999).
To determine the types of attack that is implemented, form the mathematical model of communication and customer service, which includes the likelihood compromise node and the number of ways to whatever they access points: where, b, c, d, e, f, g: Model of communication і : Types of attacks DoS/DDoS/DRDoS k : Number of possible paths from AP to T We determine these coefficients by an experimental method, by designing architecture, allowing defining intensity of attacks to a network.

RESULTS AND DISCUSSION
It should be noted that the greatest coefficient the communication model the client-server type d). Therefore it is expedient to use it for ensuring safe transfer of information streams in computer networks.
Here are the results of numerical experiment with the model (5) in graphic form (Fig. 1).
In the illustration: α-weighting coefficient, k-the number of paths from the access points to the destination AP to T, n-number of nodes, ˜ (# ˓˜ -the total number of probably compromised access points. The research have shown that as the number of ways to whatever they can from client to server network activity is low, so the practical realization of attack is difficult to determine. For small values k, the active of network is growing rapidly, the attack is  Level of the compromised nodes has a little impact on network activity in general, since these units do not determine the process routing (Hussain et al., 2003).
To distinguish between that attacks was realized, we use Table 1 which analyzed the way to and through compromised node.
It should be noted that the attacks and DNS TAN/TF2K implemented on a specific path, because in a computer network they are easy to detect by analyzing traffic. Traffic activity increases significantly in the implementation of such attacks. In other cases it is difficult to determine the type of threat (Yang et al., 2014).
Research have shown that the formal mathematical model of probability information of threats and DoS/DDoS/DRDoS attacks based on the linear form of the method of weighting coefficients do not allow to discern what kind of attack is practically implemented in a computer network, because with increasing probabilities of attack types increases directly proportional probability information of threats and attacks DoS/DDoS/DRDoS.
Dependence of probability weights compromised access points and ways of whatever they have shown that for small values k active network is growing rapidly and clearly defined attack. When increasing the number of ways to whatever they can from the client to the server, practical realization of attack is difficult to determine because of the low activity of the network. Level nodes of compromise have a little impact on network activity in general, since these units do not determine the process routing.

CONCLUSION
On the basis of the presented technique developed the architecture and constructed program realization of system of detection of DoS/DDoS/DRDoS attacks. The developed technique allows obtaining an adequate assessment of the frequency of losses in the network applications if the queuing network is in the stationary mode. At emergence DoS/DDoS/DRDoS attacks knots of networks of mass service leave the stationary mode for some time then set the stationary mode with other parameters. For the period of transition between the modes the technique is inapplicable. As transition time between the modes depends on topology of a network and parameters of knots, the assessment of efficiency of the developed of technique and its comparative analysis with other approaches represents a separate task: • Based on the classification of information threats specific to attacks such as DoS/DDoS/DRDoS is suggested formal model of a linear type of attack to differentiate on the basis of weighting factors. With these parameters and coefficients can define the main types of threats in computer networks to effectively design information protection system based on information threats. • Are developed matrixes of network activity, with which you can draw conclusions about the implementation of the attack. The analysis of the offered models showed that all types of attacks influence operation of computer networks. With increase in probabilities of varieties of attacks the probability of information threats like DoS/DDoS/DRDoS increases in direct ratio. However, to discern exactly what a particular attack is practically implemented, these models do not allow (Bu et al., 2004).
• It is shown that to distinguish an attack it is advisable to take advantage of the proposed method, which examines the way the attack and its passage through the compromised node. • To determine the type of attack, implemented formulated a mathematical model of communication of client and server that contains the probability of compromised node number of paths from the access points to the destination. Conducted model experiment showed that an increase in the number of paths from the client to the server network activity is low, making it difficult to implement the attack (Aleksander et al., 2012).
• Is offered the method probable markings of packets for tracing of attacks to a failure in service in which process of recovery of the message happens in two stages for achievement of high reliability of message passing. • Are illuminated feasibility of determination of the parameters regulating the volume of the packets transferred on each communication link separately and total amount of packets. Results of computer simulation showed that in time attack promptly increases traffic volume in channels of a network, most of the traffic uses the attack type of DoS/DDoS/DRDoS (Karpinski and Shangytbayeva, 2015). • Is proved that for the reinforced intensity of attack and increase in a factor of uncertainty the initiator of attacks uses counterfeit packets of other nodes. Therefore it is expedient to carry out the analysis of value of a factor of uncertainty for a resource of computer networks by means of the received ratio. • To track the source of the attack method developed probabilistic packet marking, in which the recovery process messages in two stages to achieve high reliability of messaging each word (Szczerba and Szczerba, 2012).