Abstract
The paper presents an approach to anomaly detection in network traffic using statistical models with long memory. Tests with the GPH estimator were used to check whether the analysed time series have the long-memory property. The tests were performed for three statistical models known as ARFIMA, FIGARCH and HAR-RV. Optimal selection of model parameters was based on a compromise between the model’s coherence and the size of the estimation error.
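The long-memory check named in the abstract can be illustrated with the standard log-periodogram regression of Geweke and Porter-Hudak (GPH). This is an added example, not code from the paper: the bandwidth m = n^0.6, the function names and the simulated series are assumptions chosen for illustration.

```python
import cmath
import math
import random


def gph_estimate(x, power=0.6):
    """Return (d, se): GPH estimate of the memory parameter d and its asymptotic s.e."""
    n = len(x)
    mean = sum(x) / n
    m = int(n ** power)  # number of low Fourier frequencies used (assumed bandwidth)
    reg, logper = [], []
    for j in range(1, m + 1):
        lam = 2 * math.pi * j / n
        dft = sum((v - mean) * cmath.exp(-1j * lam * t) for t, v in enumerate(x))
        logper.append(math.log(abs(dft) ** 2 / (2 * math.pi * n)))  # log periodogram
        reg.append(-math.log(4 * math.sin(lam / 2) ** 2))
    # The OLS slope of log I(lam_j) on -log(4 sin^2(lam_j / 2)) estimates d.
    rbar, ybar = sum(reg) / m, sum(logper) / m
    sxy = sum((r - rbar) * (y - ybar) for r, y in zip(reg, logper))
    sxx = sum((r - rbar) ** 2 for r in reg)
    return sxy / sxx, math.pi / math.sqrt(24 * m)


def fractional_noise(n, d, rng):
    """Constructed test data: ARFIMA(0, d, 0) via the MA expansion of (1 - B)^(-d)."""
    psi = [1.0]
    for k in range(1, n):
        psi.append(psi[-1] * (k - 1 + d) / k)
    eps = [rng.gauss(0, 1) for _ in range(n)]
    return [sum(psi[k] * eps[t - k] for k in range(t + 1)) for t in range(n)]


def has_long_memory(x, z=1.96):
    """One-sided check: is d significantly above 0 (0 < d < 0.5 means long memory)?"""
    d, se = gph_estimate(x)
    return d - z * se > 0, d, se


if __name__ == "__main__":
    rng = random.Random(1)
    # Stand-ins for a traffic feature series such as packets per interval (assumption).
    for label, d_true in (("short memory", 0.0), ("long memory", 0.4)):
        flag, d, se = has_long_memory(fractional_noise(2048, d_true, rng))
        print(f"{label}: d_hat={d:.3f} se={se:.3f} long_memory={flag}")
```

An estimate of d that is significantly greater than zero indicates a series for which a long-memory model such as ARFIMA is a candidate; an estimate near zero indicates that a short-memory model is adequate.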
© 2015 Springer International Publishing Switzerland
Cite this paper
Andrysiak, T., Saganowski, Ł. (2015). Network Anomaly Detection Based on Statistical Models with Long-Memory Dependence. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds) Theory and Engineering of Complex Systems and Dependability. DepCoS-RELCOMEX 2015. Advances in Intelligent Systems and Computing, vol 365. Springer, Cham. https://doi.org/10.1007/978-3-319-19216-1_1
DOI: https://doi.org/10.1007/978-3-319-19216-1_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-19215-4
Online ISBN: 978-3-319-19216-1
eBook Packages: Engineering, Engineering (R0)