Network Traffic Prediction and Anomaly Detection Based on ARFIMA Model

被引：25

作者：

Andrysiak, Tomasz ^{[1
]}

Saganowski, Lukasz ^{[1
]}

Choras, Michal ^{[1
]}

Kozik, Rafal ^{[1
]}

机构：

[1] Univ Technol & Life Sci Bydgoszcz, Inst Telecommun, PL-85789 Bydgoszcz, Poland

来源：

INTERNATIONAL JOINT CONFERENCE SOCO'14-CISIS'14-ICEUTE'14 | 2014年 / 299卷

关键词：

network anomaly detection; cybersecurity; ARFIMA;

D O I：

10.1007/978-3-319-07995-0_54

中图分类号：

TP18 [人工智能理论];

学科分类号：

081104 ; 0812 ; 0835 ; 1405 ;

摘要：

In this paper, we present network anomaly detection with the use of ARFIMA model. We propose the method of estimation parameters using the Hyndman-Khandakar algorithm to estimate the polymonials parameters and the Haslett and Raftery algorithm to estimate the differencing parameters. The choice of optimal values of the model parameters is performed on the basis of information criteria representing a compromise between the consistency model and the size of its error of estimate. In the presented method, we propose to use statistical relationships between predicted and original network traffic to determine if the examined trace is normal or attacked. The efficiency of our method is verified with the use of extended set of benchmark test real traces. The reported experimental results confirm the efficiency of the presented method.

引用

页码：545 / 554

页数：10

共 19 条

[1] [Anonymous], 2004, IMC
[2] [Anonymous], INT J NEURAL SYSTEMS
[3] [Anonymous], 1997, Econometric Methods
[4] [Anonymous], 1989, Applied Statistics, DOI DOI 10.2307/2347679
[5] [Anonymous], 2006, Introduction to Time Series and Forecasting
[6] Box G., 1970, Control
[7] Box G.E.P., 1976, Time Series Analysis: Forecasting and Control
[8] Celenk M, 2008, IEEE SYS MAN CYBERN, P3547
[9] Dainotti A., 2006, IEEE GLOBECOM
[10] Esposito M., 2005, Proceedings of the 5th International Workshop on Pattern Recognition in Information Systems, P144

← 1 2 →