
Adaptive Traffic Modelling for Network Anomaly Detection

Modern Discrete Mathematics and Analysis

Part of the book series: Springer Optimization and Its Applications ((SOIA,volume 131))


Abstract

With the rapid expansion of computer networks, security has become a crucial issue, whether for small home networks or large corporate intranets. A standard way to detect illegitimate use of a network is traffic monitoring. Consistent modelling of typical network activity can help separate normal use of the network from intruder activity or unusual user activity. In this work, an adaptive traffic modelling and estimation method for detecting unusual network activity, network anomalies or intrusions is presented. The proposed method uses simple and widely collected sets of traffic data, such as bandwidth utilization. The advantage of the method is that it builds the traffic patterns from data that is easily obtained by polling a network node's MIB. The method was tested using real traffic data from various network segments in our university campus. The method performed equally well both offline and in real time, running at a fraction of the smallest sampling interval set by the network monitoring programs. The implemented adaptive multi-model partitioning algorithm was able to successfully identify all typical and unusual activities contained in the test datasets.



Author information

Correspondence to Vassilios C. Moussas.


Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this chapter


Cite this chapter

Moussas, V.C. (2018). Adaptive Traffic Modelling for Network Anomaly Detection. In: Daras, N., Rassias, T. (eds) Modern Discrete Mathematics and Analysis. Springer Optimization and Its Applications, vol 131. Springer, Cham. https://doi.org/10.1007/978-3-319-74325-7_17
