Network Anomaly Detection Based on Statistical Models with Long-Memory Dependence

  • Tomasz Andrysiak
  • Łukasz Saganowski
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 365)


The paper presents an attempt at anomaly detection in network traffic using statistical models with long memory. Tests with the GPH estimator were used to check whether the analysed time series have the long-memory property. The tests were performed for three statistical models: ARFIMA, FIGARCH and HAR-RV. Optimal selection of model parameters was based on a compromise between the model’s coherence and the size of the estimation error.


Keywords: anomaly detection, long-memory dependence, statistical models





Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. Institute of Telecommunications, Faculty of Telecommunications and Electrical Engineering, University of Technology and Life Sciences (UTP), Bydgoszcz, Poland
