Sagatov, E. S., Chernysh, D. P., Mayhoub, S. and Sukhov, A. M. (2025). Detection of anomalous network behavior based on one-way delay measurements. Discover Internet of Things, 5 ,
Abstract
A global network monitoring system measuring IP network performance metrics (IPPM) is presented, which is proposed for use in network security. The monitoring system measures network latency and related values. The dependence of IPPM on the power of a DDoS attack is used to determine the moment of the attack. Another method of attack detection is to study changes in routes between measurement nodes. A change in route is accompanied by a sudden change in one-way delay (OWD). Recent reviews on OWD recommend the use of the One-way Active Measurement Protocol (OWAMP protocol). Studies have shown that using the OWAMP protocol to measure OWD gives two different results for the same route. An updated mechanism for measuring one-way delay has been proposed. The novelty of the method lies in the use of a new type of timestamp, which is set directly at the moment of sending and receiving the measurement packet. A new measurement utility has been created that eliminates measurement errors.
| Publication DOI: | https://doi.org/10.1007/s43926-025-00242-1 |
|---|---|
| Divisions: | College of Engineering & Physical Sciences > School of Computer Science and Digital Technologies College of Engineering & Physical Sciences College of Engineering & Physical Sciences > School of Computer Science and Digital Technologies > Software Engineering & Cybersecurity Aston University (General) |
| Funding Information: | The research was funded by the grant Russian Science Foundation 24-29-00041. |
| Additional Information: | Copyright © The Author(s) 2025. This article is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License, which permits any non-commercial use, sharing, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if you modified the licensed material. You do not have permission under this licence to share adapted material derived from this article or parts of it. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit https://creativecommons.org/licenses/by-nc-nd/4.0/. |
| Uncontrolled Keywords: | Measurement of one way delay,NetTestBox,Review of delay measurement utilities,Timescale synchronisation methods,Timestamps in Linux,Software,Information Systems,Human-Computer Interaction,Hardware and Architecture,Computer Networks and Communications,Electrical and Electronic Engineering |
| Publication ISSN: | 2730-7239 |
| Last Modified: | 16 Feb 2026 17:39 |
| Date Deposited: | 10 Feb 2026 12:07 |
| Full Text Link: | |
| Related URLs: |
https://link.sp ... 926-025-00242-1
(Publisher URL) http://www.scop ... tnerID=8YFLogxK (Scopus URL) |
PURE Output Type: | Article |
| Published Date: | 2025-11-10 |
| Accepted Date: | 2025-10-15 |
| Authors: |
Sagatov, E. S.
Chernysh, D. P. Mayhoub, S. ( 
0000-0001-7629-0532)
Sukhov, A. M. |
![[img]](https://publications.aston.ac.uk/style/images/fileicons/text.png)