Dynamic Model of an Information System with a Threshold Adaptive Protection Operator
https://doi.org/10.15514/ISPRAS-2026-38(3)-46
Abstract
This paper investigates the problem of ensuring the stability of information systems under anomalous load conditions characteristic of Distributed Denial-of-Service (DDoS) attacks. A deterministic dynamic model is proposed, grounded in queueing theory and describing the coupled dynamics of the request queue length, the level of adaptive protection, and the utilization of computational resources–namely, the central processing unit and the network channel. The model incorporates a nonlinear saturation effect in request processing under overload, which accurately reflects the degradation of server infrastructure efficiency as the number of concurrent requests increases. The core component of the model is an adaptive protection algorithm implemented through a threshold-based operator that activates only when the queue exceeds a critical threshold and automatically deactivates once the load normalizes, thereby minimizing the risk of blocking legitimate traffic and eliminating false positives during normal operation. To ensure universality of the analysis, the system of differential equations is transformed into a dimensionless form, which enables the identification of key dimensionless parameter groups and eliminates dependence on specific units of measurement. A rigorous stability analysis based on the spectrum of the Jacobian matrix confirms the asymptotic stability of the system, provided that the intensity of normal traffic does not exceed the processing capacity. Numerical simulations were conducted for three distinct attack scenarios: a short-term burst, a multi-stage attack with repeated waves, and a low-and-slow attack followed by a sharp surge. To enhance model adequacy, a mechanism for conditional engagement of reserve computational resources was introduced, activated only after the cessation of the attack and in the presence of persistent overload. Model validation against the public CICDDoS2019 dataset confirmed its high accuracy, demonstrating both qualitative and quantitative agreement. The obtained results highlight the model’s practical applicability for designing predictive protection systems in cloud and distributed environments, as well as for optimizing the parameters of adaptive mechanisms in real-world information infrastructures.
About the Authors
Maksim Dmitrievich POLINRussian Federation
Undergraduate student in the field of Information Systems and Technologies at the Institute of Computer Science and Cybersecurity of Peter the Great St. Petersburg Polytechnic University. Research interests: information systems modeling, solving optimization and extremal problems, software development.
Artem Aleksandrovich EFREMOV
Russian Federation
Cand. Sci. (Phys.-Math), Assoc. Prof., Head of the Information Systems and Technology Training Department at the Institute of Computer Science and Cybersecurity of Peter the Great St. Petersburg Polytechnic University. Research interests: synthesis of complex dynamic systems, optimization, control.
References
1. Cloudflare. DDoS Threat Report for 2023 Q4: Cloudflare Blog, 2023. Available at: https://blog.cloudflare.com/ddos-threat-report-for-2023-q4/, accessed дата обращения: 18.12.2025.
2. ENISA Threat Landscape 2024: European Union Agency for Cybersecurity, 2024. Available at: https://www.enisa.europa.eu/publications/enisa-threat-landscape-2024, accessed: 18.12.2025
3. Козырева Н. И. Современные методы предотвращения DDoS-атак и защиты веб-серверов, 2025. Available at: https://cyberleninka.ru/article/n/sovremennye-metody-predotvrascheniya-ddos-atak-i-zaschity-veb-serverov, accessed 18.12.2025.
4. OVHcloud. A brief retrospective of network-layer DDoS attacks in 2024: OVHcloud Blog, 2025. Available at: https://blog.ovhcloud.com/a-brief-retrospective-of-network-layer-ddos-attacks-in-2024-at-ovhcloud/, accessed 18.12.2025.
5. Лапина М.А. Применение технологий машинного обучения для обнаружения вторжений и атак в веб-среде. Вестник компьютерных и информационных технологий, 2024, № 4, стр. 92-103. Доступно по ссылке: https://cyberrus.info/wp-content/uploads/2024/07/vokib-2024-4-st10-s092-103.pdf, дата обращения: 18.12.2025.
6. Горбачёв А.А. Алгоритм имитации динамических характеристик сетевого трафика веб-сервисов с использованием методов машинного обучения. Вестник компьютерных и информационных технологий, 2024, № 4, стр. 104-115. Доступно по ссылке: https://cyberrus.info/wp-content/uploads/2024/08/vokib-2024-4-st11-s104-115.pdf, дата обращения: 18.12.2025.
7. MITRE. Adversarial ML Threat Matrix. MITRE, 2020. Доступно по ссылке: https://github.com/mitre/advmlthreatmatrix, дата обращения: 21.12.2025.
8. Mishra P., Varadharajan V., Tupakula U., Pilli E.S. A Detailed Investigation and Analysis of DDoS Attacks in Cloud Computing Environment. Journal of Network and Computer Applications, 168 (2020), 102736.
9. Петрива Н.В. Гибридная система массового обслуживания с повторными вызовами. Вестник Томского государственного университета. Управление, вычислительная техника и информатика. 2021, № 1 (55), стр. 136-145. Доступно по ссылке: https://vital.lib.tsu.ru/vital/access/services/Download/koha:000721432/SOURCE1, дата обращения: 25.10.2025.
10. Васильев В.И., Вульфин А.М. Гибридные модели в задачах обнаружения сетевых атак: проблемы реального времени и интерпретации. Вестник компьютерных и информационных технологий, 2024, № 6, стр. 117-129. Доступно по ссылке: https://cyberrus.info/wp-content/uploads/2024/12/vokib-2024-6-st10-s117-129.pdf, дата обращения: 18.12.2025.
11. Калашников А.О. Пример использования теоретико-игрового подхода в задачах обеспечения кибербезопасности информационных систем с использованием «ложных» информационных объектов. Вестник компьютерных и информационных технологий, 2014, № 1, стр. 49-54. Доступно по ссылке: https://cyberrus.info/wp-content/uploads/2014/03/49-54.pdf, дата обращения: 18.12.2025.
12. Осипов Г.С. Компьютерное моделирование систем массового обслуживания с ограничениями. Современные наукоемкие технологии, 2025, № 1, стр. 1-10. Доступно по ссылке: https://top-technologies.ru/article/view?id=37874, дата обращения 16.12.2025.
13. Головко Н.И. Исследование моделей систем массового обслуживания в информационных сетях // Сибирский журнал индустриальной математики, 2008, т. 11, № 1, стр. 45-56. Доступно по ссылке: https://www.mathnet.ru/php/getFT.phtml?jrnid=sjim&paperid=500&what=fullt, дата обращения: 18.12.2025.
14. Talukder M. A., Uddin M. CIC-DDoS2019 Dataset (version 1), 2023. [Dataset]. Mendeley Data. DOI: 10.17632/ssnc74xm6r.1.
Review
For citations:
POLIN M.D., EFREMOV A.A. Dynamic Model of an Information System with a Threshold Adaptive Protection Operator. Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS). 2026;38(3):59-70. (In Russ.) https://doi.org/10.15514/ISPRAS-2026-38(3)-46






