
Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 403)

Abstract

In this article we present a method for detecting DDoS attacks in network traffic, based on modeling variability through the conditional average and variance of the examined time series. The variability of the analyzed network traffic is predicted with estimated ARFIMA and FIGARCH statistical models. We propose simple parameter estimation for these models using the maximum likelihood function. The sparingly parameterized form of the models is chosen by means of information criteria, which represent a compromise between brevity of representation and the size of the prediction error. In the described method we propose using statistical relations between the predicted and the analyzed network traffic to detect abnormal behavior that may be the result of a network attack. The experiments performed confirmed the effectiveness of the analyzed method and the cogency of the statistical models.




Correspondence to Tomasz Andrysiak.


© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Andrysiak, T., Saganowski, Ł. (2016). DDoS Attacks Detection by Means of Statistical Models. In: Burduk, R., Jackowski, K., Kurzyński, M., Woźniak, M., Żołnierek, A. (eds) Proceedings of the 9th International Conference on Computer Recognition Systems CORES 2015. Advances in Intelligent Systems and Computing, vol 403. Springer, Cham. https://doi.org/10.1007/978-3-319-26227-7_75


  • DOI: https://doi.org/10.1007/978-3-319-26227-7_75

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-26225-3

  • Online ISBN: 978-3-319-26227-7

  • eBook Packages: Engineering, Engineering (R0)
