
Time Series Forecasting Using Holt-Winters Model Applied to Anomaly Detection in Network Traffic

  • Conference paper
International Joint Conference SOCO’17-CISIS’17-ICEUTE’17 León, Spain, September 6–8, 2017, Proceeding (SOCO 2017, ICEUTE 2017, CISIS 2017)

Abstract

This work addresses the problem of anomaly detection in network traffic by means of statistical models based on exponential smoothing. We used the generalized Holt-Winters model to detect possible fluctuations in network traffic, i.e. accidental fluctuations, trend and seasonal variations. The model parameters were estimated by means of the Hyndman-Khandakar algorithm. We chose the optimal values of the model parameters on the basis of information criteria (AIC), which reflect a compromise between the consistency of the model and the size of its estimation error. In the proposed method, we used automatic forecasting on the basis of the estimated traffic model; the forecast was then compared to the real variability of the analyzed network traffic in order to detect abnormal behavior. The results of the performed experiments confirm the efficiency of the proposed solution.
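
The forecast-and-compare scheme the abstract describes, as an added Python example that is not the authors' code: an additive Holt-Winters model is fitted to a training window, its forecast is compared with observed traffic, and samples outside the forecast ± kσ band are flagged. Assumptions: the traffic series is constructed, a small grid search on squared one-step error stands in for the Hyndman-Khandakar/AIC selection, and the names `hw_fit`, `select_params`, `detect` and the threshold `k` are illustrative.

```python
import math

def hw_fit(y, m, alpha, beta, gamma):
    """Additive Holt-Winters (error-correction form) over series y with
    season length m. Returns final level, trend, seasonals and residuals."""
    level = sum(y[:m]) / m
    trend = (sum(y[m:2 * m]) - sum(y[:m])) / (m * m)
    season = [v - level for v in y[:m]]
    resid = []
    for t, obs in enumerate(y):
        err = obs - (level + trend + season[t % m])   # one-step forecast error
        resid.append(err)
        level, trend = level + trend + alpha * err, trend + alpha * beta * err
        season[t % m] += gamma * (1 - alpha) * err
    return level, trend, season, resid

def select_params(y, m):
    """Assumption: grid search on squared error, standing in for the
    AIC-based selection the paper performs."""
    grid = [(a, b, g) for a in (0.1, 0.2, 0.3)
            for b in (0.005, 0.01) for g in (0.1, 0.3)]
    return min(grid, key=lambda p: sum(e * e for e in hw_fit(y, m, *p)[3][m:]))

def detect(train, window, m=24, k=4.0):
    """Return indices in `window` where observed traffic leaves the
    forecast +/- k*sigma band (sigma from training residuals)."""
    level, trend, season, resid = hw_fit(train, m, *select_params(train, m))
    tail = resid[m:]          # first season is matched by the initial seasonals
    sigma = math.sqrt(sum(e * e for e in tail) / len(tail))
    alerts = []
    for h, obs in enumerate(window, start=1):
        forecast = level + h * trend + season[(len(train) + h - 1) % m]
        if abs(obs - forecast) > k * sigma:
            alerts.append(h - 1)
    return alerts

def traffic(t):
    """Constructed hourly packets-per-second sample: daily cycle plus jitter."""
    return 1000 + 300 * math.sin(2 * math.pi * t / 24) + (6 * t) % 41 - 20

TRAIN = [traffic(t) for t in range(7 * 24)]            # seven clean days
CLEAN = [traffic(t) for t in range(7 * 24, 8 * 24)]    # eighth day, untouched
ATTACK = [v + (1500 if i in (10, 11) else 0)           # constructed burst
          for i, v in enumerate(CLEAN)]

if __name__ == "__main__":
    print("alert hours:", detect(TRAIN, ATTACK))
```

Raising `k` narrows the alert set to larger deviations; lowering it catches smaller bursts at the cost of more false positives.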


Correspondence to Tomasz Andrysiak.


© 2018 Springer International Publishing AG

Cite this paper

Andrysiak, T., Saganowski, Ł., Maszewski, M. (2018). Time Series Forecasting Using Holt-Winters Model Applied to Anomaly Detection in Network Traffic. In: Pérez García, H., Alfonso-Cendón, J., Sánchez González, L., Quintián, H., Corchado, E. (eds) International Joint Conference SOCO’17-CISIS’17-ICEUTE’17 León, Spain, September 6–8, 2017, Proceeding. SOCO 2017, ICEUTE 2017, CISIS 2017. Advances in Intelligent Systems and Computing, vol 649. Springer, Cham. https://doi.org/10.1007/978-3-319-67180-2_55

  • DOI: https://doi.org/10.1007/978-3-319-67180-2_55

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-67179-6

  • Online ISBN: 978-3-319-67180-2

  • eBook Packages: Engineering, Engineering (R0)
