Analysis of Internet service user audiences for network security problems

In this paper an Internet service audience is studied in order to create a user kernel, with the audience represented as a list of IP addresses able to authorize access to the beginning of a network attack. Methods with which to determine the regular audience of an Internet service and to identify IP addresses from which such a network attack is carried out are offered. Experiments were performed involving a real network attack on a popular Internet portal. In order to isolate the source IP address of the attack a demonstration is provided regarding the efficacy of the simultaneous application of two criteria: exceeding the threshold for the UDP stream speed limit, and the number of flows generated with the test IP addresses.