Anomaly Detection in Network Traffic Using Selected Methods of Time Series Analysis

Full text: PDF, 515 KB, pp. 10-18


Author(s)

Jarosław Bernacki 1,*, Grzegorz Kołaczek 1

1. Wrocław University of Technology, Wrocław, Poland

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2015.09.02

Received: 20 Jan. 2015 / Revised: 17 Apr. 2015 / Accepted: 11 Jun. 2015 / Published: 8 Aug. 2015

Index Terms

Anomaly detection, time series methods, network traffic, predicting/forecasting, statistical analysis

Abstract

In this paper several methods for anomaly detection in computer networks based on time series analysis are proposed. Particular attention is given to Brown's exponential smoothing, seasonal decomposition, naive forecasting and the Exponential Moving Average method. The anomaly detection methods were validated on experimental data sets using statistical analysis, which showed that the proposed methods can efficiently detect unusual situations in network traffic. This means that time series methods can be used successfully both to model and predict traffic in computer networks and to detect unusual or unwanted events in that traffic.
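The abstract names one-step-ahead forecasting methods (naive forecasting, Brown's exponential smoothing, which for a single level is the same recurrence as an EMA) as the basis for detection: forecast the next traffic value, and treat a large forecast residual as an anomaly. The following is an added example, not code from the paper, showing that pattern on a constructed packets-per-minute series with one injected burst. The smoothing constant (alpha = 0.3), the threshold rule (a residual more than k = 3 standard deviations from the mean of earlier residuals) and the warm-up length are assumptions for illustration; the paper's own parameters and thresholds are not given on this page.

```python
from statistics import mean, pstdev

# Constructed sample (not data from the paper): packets per minute on one link,
# a steady baseline around 100 with a single injected burst at index 20.
TRAFFIC = [100, 104, 98, 101, 103, 99, 102, 100, 97, 103,
           101, 99, 100, 102, 98, 101, 100, 103, 99, 102,
           260, 100, 101, 99, 102]


def naive_forecast(series):
    """Naive forecasting: predict that the next value equals the last observed one.
    Returns one-step-ahead forecasts aligned with the series (forecast[0] = series[0])."""
    return [series[0]] + list(series[:-1])


def brown_forecast(series, alpha=0.3):
    """Brown's simple exponential smoothing (the same recurrence as an EMA of the series):
    level_t = alpha * x_t + (1 - alpha) * level_{t-1}; the forecast for x_t is level_{t-1}.
    alpha = 0.3 is an assumed value, not one taken from the paper."""
    level = series[0]
    forecasts = [series[0]]
    for x in series[1:]:
        forecasts.append(level)
        level = alpha * x + (1 - alpha) * level
    return forecasts


def detect_anomalies(series, forecasts, k=3.0, warmup=5):
    """Flag points whose forecast residual lies more than k standard deviations
    from the mean of all earlier residuals (assumed threshold rule; the first
    `warmup` points are used only to seed the residual statistics).
    Returns the indices of flagged points."""
    residuals = [x - f for x, f in zip(series, forecasts)]
    flagged = []
    for t in range(warmup, len(series)):
        history = residuals[:t]
        mu, sigma = mean(history), pstdev(history)
        if sigma > 0 and abs(residuals[t] - mu) > k * sigma:
            flagged.append(t)
    return flagged


def run(series=TRAFFIC):
    """Run both detectors over the series and return their flagged indices."""
    return {
        "naive": detect_anomalies(series, naive_forecast(series)),
        "brown": detect_anomalies(series, brown_forecast(series)),
    }


if __name__ == "__main__":
    for name, hits in run().items():
        print(f"{name:>6}: anomalies at {hits}")
```

On this series the naive detector flags both the burst (index 20) and the return to baseline (index 21), because a drop of 160 is itself an outsized one-step change, whereas Brown's smoothing carries an inflated level for a few steps after the burst, so only index 20 exceeds the threshold. Whether recovery edges should count as separate events is a tuning decision for whoever deploys such a detector; the residual statistics here also include past anomalies, which widens the threshold after each burst.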

Cite This Paper

Jarosław Bernacki, Grzegorz Kołaczek, "Anomaly Detection in Network Traffic Using Selected Methods of Time Series Analysis", International Journal of Computer Network and Information Security (IJCNIS), vol. 7, no. 9, pp. 10-18, 2015. DOI: 10.5815/ijcnis.2015.09.02
