Abstract

We investigated the dynamical and multiscale features of the Internet routing process in periods of Slammer worm and WannaCrypt ransomware attacks in 2003 and 2017. Border Gateway Protocol (BGP) updates from 8 RIPE RIS collectors were used. To focus on the nonlinear dynamical structure of Internet routing process, we have composed a magnitude time series from original BGP updates data. We used methods of Local variation, Lempel and Ziv complexity measure and Tsallis entropy calculation. Multifractal properties of the BGP updates process were analyzed by multifractal detrended fluctuation analysis (MFDFA).
The purpose of the study was to analyze dynamical patterns of the BGP updates process.
The main research task was to assess the efficiency of different dynamical and multiscale testing methods to recognize possible changes in the patterns of Internet routing process caused by attacks of Internet worm Slammer and ransomware WannaCrypt. It is shown that multifractal testing enables to recognize changes in the dynamical patterns of the routing process caused by Slammer worm and ransomware WannaCrypt even when other methods proved ineffective in analyzing relatively short routing time series.
It was found, that during periods of Slammer worm and ransomware WannaCrypt attacks, the dynamics of the multifractal Internet routing process underwent a transient, albeit noticeable, shift toward monofractality. Thus, according to results of present analysis, the most efficient in recognizing multiscale and dynamical patterns of changes in the long-range correlated Internet routing process is a multifractal analysis when it is used for relatively short magnitude time series of BGP updates variation.

Keywords

WannaCrypt ransomware attacks