
Network Traffic Analytics for Internet Service Providers—Application in Early Prediction of DDoS Attacks

Machine Learning Paradigms

Part of the book series: Intelligent Systems Reference Library (ISRL, volume 149)

Abstract

This chapter presents an approach for modelling intra-values forecasts of a network traffic time series using a mean reverting stochastic process (MRSP). An autoregressive model of order n, AR(n), formalized in state space, with its unobservable coefficients estimated by a Kalman filter using n past time series observations, produces [AR(n)-KF] estimates, which constitute the mean reverting part of the process. A Brownian motion multiplied by a diffusion (or volatility) term constitutes the stochastic part of the process. The determinant and trace of the Kalman filter error covariance matrix, multiplied by the process itself, are used to capture the diffusion dynamics in the intra-values time series. The proposed algorithm is designed especially for network traffic and does not assume stationary data. The method was tested using real traffic data from GRnet concerning our institutional network. Experimental as well as simulation results based on real daily data from the GRnet IP traffic demonstrate the applicability of the model. The proposed MRSP algorithm successfully identified the unusual activities contained in the test datasets and produced proper warnings. Applications to real-time D/DoS bandwidth-flooding attack detection are also presented.
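The AR(n)-KF part of the abstract, as an added example that is not the chapter's own code: the AR coefficients are the hidden state of a Kalman filter, each sample is forecast from the n previous ones, and a warning is raised when the forecast error is far outside its predicted spread. The function names, parameter values and the warning rule (a standard normalised-innovation gate, used here in place of the chapter's determinant/trace diffusion term, whose formula is not on this page) are assumptions, and the traffic series is constructed.

```python
import math

def ar_kf_warnings(series, order=3, q=1e-8, r=4.0, p0=100.0, gate=5.0, warmup=48):
    """One-step AR(order) forecasts with Kalman-estimated coefficients.

    Returns (forecasts, warnings): forecasts[t] is the prediction of series[t]
    made before seeing it; warnings lists the indices whose forecast error
    exceeds `gate` predicted standard deviations (assumed warning rule).
    """
    n = order
    theta = [0.0] * n                                  # AR coefficients = hidden state
    P = [[p0 if i == j else 0.0 for j in range(n)] for i in range(n)]
    forecasts, warnings = [None] * n, []
    for t in range(n, len(series)):
        h = [series[t - k] for k in range(1, n + 1)]   # the n past observations
        for i in range(n):
            P[i][i] += q                               # time update: coefficients random-walk
        Ph = [sum(P[i][j] * h[j] for j in range(n)) for i in range(n)]
        s = sum(h[i] * Ph[i] for i in range(n)) + r    # innovation variance
        pred = sum(h[i] * theta[i] for i in range(n))
        e = series[t] - pred                           # innovation (forecast error)
        forecasts.append(pred)
        if t >= warmup and abs(e) > gate * math.sqrt(s):
            warnings.append(t)                         # flag it and do not learn from it
            continue
        K = [v / s for v in Ph]                        # Kalman gain
        theta = [theta[i] + K[i] * e for i in range(n)]
        P = [[P[i][j] - K[i] * Ph[j] for j in range(n)] for i in range(n)]
    return forecasts, warnings

# Constructed sample: a 24-sample daily cycle in Mbit/s with small bounded jitter,
# plus a constructed +300 Mbit/s bandwidth flood on samples 120..129.
FLOOD_START, FLOOD_LEN = 120, 10

def sample_traffic(length=168):
    base = [100 + 20 * math.sin(2 * math.pi * t / 24) + 0.2 * math.sin(1.7 * t)
            for t in range(length)]
    return [v + 300 if FLOOD_START <= t < FLOOD_START + FLOOD_LEN else v
            for t, v in enumerate(base)]

if __name__ == "__main__":
    forecasts, warnings = ar_kf_warnings(sample_traffic())
    print("first warning at sample", warnings[0], "-", len(warnings), "samples flagged")
```

Skipping the measurement update on flagged samples keeps the flood out of the learned coefficients; `q`, `r` and `gate` are tuning values that would need to be set from the operator's own baseline traffic.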



Corresponding author

Correspondence to Antonios S. Andreatos.

Copyright information

© 2019 Springer International Publishing AG, part of Springer Nature

About this chapter


Cite this chapter

Leros, A.P., Andreatos, A.S. (2019). Network Traffic Analytics for Internet Service Providers—Application in Early Prediction of DDoS Attacks. In: Tsihrintzis, G., Sotiropoulos, D., Jain, L. (eds) Machine Learning Paradigms. Intelligent Systems Reference Library, vol 149. Springer, Cham. https://doi.org/10.1007/978-3-319-94030-4_10
