Abstract
Considering the network security aspect, one of the best way of preventing network infrastructure against anomalous activities is to monitor its traffic for suspicious activities. The reliable resource to accomplish this task is past network flow data, which can be analyzed to detect congestions, attacks or anomalies to ensure effective QoS of network infrastructure. Network traffic prediction involves analysis of past network flow data by capturing-storing data, preprocessing data, analyzing it based on various parameters & forming behavior patterns for various nodes in network. Once the patterns are observed for different nodes in network, their future communication can be predicted. Upon prediction of anomalous behavior, the preventive action will be initiated without wasting much of a time. Thus reducing the MTTR (mean time to respond) is the outline of our paper. The importance of network traffic data, traffic prediction methods and literatures available on topic are studied in this paper.
Access provided by Autonomous University of Puebla. Download conference paper PDF
Similar content being viewed by others
Keywords
1 Introduction
The various components of network infrastructure like firewalls, bridges, switching and routing devices, etc. produce traffic data related to network. These data are also called as network flow data. Analysis of network performance can be efficiently done using this data. The obtained analysis would be a valuable resource for network security teams for further network enhancement and optimization. The network flow data reflects real-time view of the network traffic, integrated with peripheral devices and point solutions. Peripheral devices form outermost defense line, preventing entry of most of malicious things into the network. Still 100% capture/prevention of the malicious things is impossible. Only single anomaly can wreak dangerous havoc and on getting inside, peripheral devices will be of no help. Even though localized solutions enhance security by encountering specific problems, broad-based protection is still unreachable for them. Thus even if various components are already present, to strengthen network security, network traffic data analysis and prediction is required (Fig. 1).
Network traffic data flow
2 The Importance of Network Traffic Data
A huge amount of data is been produced by traffic that goes from network infrastructure. This is termed as network flow data. It is a good measure for analyzing performance of network. But if this network flow data is scanned to a very root level, it will act as utmost important resource for securing network from various kinds of attacks. Network infrastructure can be optimized with the output of network flow analysis as well as strength will be added to the existing defense mechanism implemented in infrastructure. Strengthening of defense mechanism is possible if mitigating actions can be initiated within no time lag upon attack. This scenario is possible if attack or anomalous behavior can be known or predicted beforehand. Past flow analysis data will help for prediction of anomalous behaviors. If upon prediction, mitigating or preventive actions can be recommended implicitly, then time required to respond to different anomalous network situations will improve drastically.
Other advantages of network flow data analysis are listed below [19] (Table 1).
3 Techniques for Network Traffic Prediction
The techniques can be divided as statistical & composite techniques. Statistical techniques use linear & non linear time series data models. Composite (statistical plus other domain) are based on data mining, neural network, Hadoop, PSO etc. Some have used term decomposed models when time series is decomposed into four components. Linear time series techniques are AR (Auto Regressive) and MA (Moving Average). When combined together, they create ARMA (Auto Regressive Moving Average) model [22,23,24] (Fig. 2, Table 2).
Network traffic prediction techniques
4 Network Traffic Prediction System
4.1 System Architecture
See Fig. 3.
Prediction system architecture
4.2 Algorithm for Prediction
-
Step 1: FLOW CAPTURE - Packet flow or network flow is captured and stored temporarily to analyze it.
-
Step 2: FLOW EXPORTER- The exporter creates flow registers from network traces.
-
Step 3: FLOW COLLECTOR- The Flow collector generates statistics from the stored file data.
-
Step 4: FLOW ANALYZER- The behavior profiling of each device is created.
-
Step 5: PREDICTION MODULE- Guesses future network flow data & behavior of related nodes.
-
Step 6: ACTION TAKEN- Application or invocation of various security policies, safeguarding actions as per type of attacks will be initiated.
6 Conclusion
With the ever growing network traffic, present is the era of big data. This data can be explored and utilized for prediction of network traffic. This prediction will help to reduce time to respond in case of anomalies. So in this paper we studied and surveyed various network traffic prediction techniques. Prediction methods based on statistic, neural network are discussed. Performance metrics used in various previous studies [10, 13, 16, 18] etc. have been enlisted. The tabular view of surveyed papers focuses on prediction techniques for network traffic. Standard datasets used by the implemented algorithms and metrics used to evaluate the results are grouped in the research works surveyed. Such a review paper would help to provide an insight into the topic to new researchers.
References
Wang, J.-S., Wang, J.-K., Zeng, M.-H., Wang, J.-J.: Prediction of internet traffic based on Elman neural network. In: Control and Decision Conference (CCDC ’09), pp. 1248–1252. IEEE (2009)
Poo, K.H., Tan, I.K., Chee, Y.K.: Bittorrent network traffic forecasting with ARMA. Int. J. Comput. Netw. Commun. 4(4), 143 (2012)
Mahoney, M.V., Chan, P.K.: PHAD: packet header anomaly detection for identifying hostile network traffic. Technical report, PHAD (2001)
Morales, F., Ruiz, M., Gifre, L., Contreras, L.M., López, V., Velasco, L.: Virtual network topology adaptability based on data analytics for traffic prediction. J. Opt. Commun. Netw. 9(1), A35–A45 (2017)
Otoshi, T., Ohsita, Y., Murata, M., Takahashi, Y., Ishibashi, K., Shiomoto, K.: Traffic prediction for dynamic traffic engineering. Comput. Netw. 85, 36–50 (2015)
Park, D.-C., Woo, D.-M.: Prediction of network traffic using dynamic bilinear recurrent neural network. In: Fifth International Conference on Natural Computation (ICNC 2009), vol. 2, pp. 419–423. IEEE (2009)
Sadek, N., Khotanzad, A.: Multi-scale high-speed network traffic prediction using k-factor Gegenbauer ARMA model. In: 2004 IEEE International Conference on Communications, vol. 4, pp. 2148–2152. IEEE (2004)
Yu, Y., Song, M., Ren, Z., Song, J.: Network traffic analysis and prediction based on APM. In: 2011 6th International Conference on Pervasive Computing and Applications (ICPCA), pp. 275–280. IEEE (2011)
Yu, Y., Wang, J., Song, M., Song, J.: Network traffic prediction and result analysis based on seasonal ARIMA and correlation coefficient. In: 2010 International Conference on Intelligent System Design and Engineering Application (ISDEA), vol. 1, pp. 980–983. IEEE (2010)
Chabaa, S., Zeroual, A., Antari, J.: Anfis method for forecasting internet traffic time series. In: Microwave Symposium (MMS), 2009 Mediterrannean, pp. 1–4. IEEE (2009)
Chabaa, S., Zeroual, A., Antari, J.: Identification and prediction of internet traffic using artificial neural networks. J. Intell. Learn. Syst. Appl. 2(03), 147 (2010)
Brockwell, P.J., Davis, R.A.: Introduction to Time Series and Forecasting. Springer Texts in Statistics, 2nd edn. Springer, New York (2002). https://doi.org/10.1007/b97391. ISBN 0-387-95351-5. SPIN 10850334
Tan, I.K.T., Hoong, P.K., Yik, C.: Towards forecasting low network traffic for software patch downloads: an ARMA model forecast using CRONOS. In: Second International Conference on Computer and Network Technology. IEEE (2010). https://doi.org/10.1109/ICCNT.2010.3588. 978-0-7695-4042-9/10 $26.00 © 2010
Hoong, N.K., Hoong, P.K., Tan, I.K.T., Seng, L.C.: Impact of utilizing forecasted network traffic for data transfer. In: 13th International Conference on Advanced Communication Technology (ICACT2011), 13–16 February 2011. INSPEC Accession Number: 11930338, Electronic ISBN: 978-89-5519-155-4, Print ISSN: 1738-9445
Yonghao, W., Cong, L., Jin, W., Guiping, Z.: One new research on method of intelligent substation network traffic prediction. In: 2014 Fifth International Conference on Intelligent Systems Design and Engineering Applications (2014). Electronic ISBN: 978-1-4799-4261-9
Monian-Fa: Network traffic prediction based on particle swarm optimization. In: 2015 International Conference on Intelligent Transportation, Big Data and Smart City, 19–20 December 2015. Electronic ISBN: 978-1-5090-0464-5
Cui, H., Yao, Y., Zhang, K., Sun, F., Liu, Y.: Network traffic prediction based on Hadoop. In: 2014 International Symposium on Wireless Personal Multimedia Communications (WPMC), 7–10 September 2014. Electronic ISSN: 1882-5621
Cao, X., Zhong, Y., Zhou, Y., Wang, J., Zhu, C., Zhang, W.: Interactive temporal recurrent convolution network for traffic prediction in data centers. In: Special Section on Advanced Data Analytics For Large-Scale Complex Data Environments, pp. 2169–3536 (2017). https://doi.org/10.1109/ACCESS.2017.2787696
https://www.flowtraq.com/network-flow-analysis-for-maximum-security/
Hall, J., Mars, P.: Limitations of artificial neural networks for traffic prediction in broadband networks. In: Proceedings of the Third IEEE Symposium on Computers and Communications, ISCC 1998, Cat. No. 98EX166, 30 June–2 July 1998. Print ISBN: 0-8186- 8538-7
Vieira, F.H.T., Costa, V.H.T., Gonçalves, B.H.P.: Neural network based approaches for network traffic prediction. In: Yang, X.-S. (ed.) Artificial Intelligence, Evolutionary Computation and Metaheuristics, SCI 427, pp. 657–684. Springer, Berlin (2013)
https://en.wikipedia.org/wiki/Autoregressive%E2%80%93moving-average_model
Adhikari, R., Agrawal, R.K.: An Introductory Study on Time Series Modeling and Forecasting. LAP LAMBERT Academic Publishing, 29 January 2013. ISBN-10: 3659335088, ISBN-13: 978-3659335082
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Thakare, S., Pund, A., Pund, M.A. (2020). Network Security: Approach Based on Network Traffic Prediction. In: Pandian, A.P., Senjyu, T., Islam, S.M.S., Wang, H. (eds) Proceeding of the International Conference on Computer Networks, Big Data and IoT (ICCBI - 2018). ICCBI 2018. Lecture Notes on Data Engineering and Communications Technologies, vol 31. Springer, Cham. https://doi.org/10.1007/978-3-030-24643-3_5
Download citation
DOI: https://doi.org/10.1007/978-3-030-24643-3_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-24642-6
Online ISBN: 978-3-030-24643-3
eBook Packages: EngineeringEngineering (R0)