
Network Traffic Prediction and Anomaly Detection Based on ARFIMA Model

  • Conference paper
International Joint Conference SOCO’14-CISIS’14-ICEUTE’14

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 299)

Abstract

In this paper, we present network anomaly detection using the ARFIMA model. We propose a parameter estimation method that uses the Hyndman-Khandakar algorithm to estimate the polynomial parameters and the Haslett and Raftery algorithm to estimate the differencing parameters. The optimal values of the model parameters are chosen on the basis of information criteria that represent a compromise between the consistency of the model and the size of its estimation error. In the presented method, we propose to use statistical relationships between the predicted and the original network traffic to determine whether the examined trace is normal or attacked. The efficiency of our method is verified using an extended set of real benchmark test traces. The reported experimental results confirm the efficiency of the presented method.



Corresponding author

Correspondence to Tomasz Andrysiak.


Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Andrysiak, T., Saganowski, Ł., Choraś, M., Kozik, R. (2014). Network Traffic Prediction and Anomaly Detection Based on ARFIMA Model. In: de la Puerta, J., et al. International Joint Conference SOCO’14-CISIS’14-ICEUTE’14. Advances in Intelligent Systems and Computing, vol 299. Springer, Cham. https://doi.org/10.1007/978-3-319-07995-0_54


  • DOI: https://doi.org/10.1007/978-3-319-07995-0_54

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-07994-3

  • Online ISBN: 978-3-319-07995-0

  • eBook Packages: Engineering, Engineering (R0)
