Automatically Created Statistical Models Applied to Network Anomaly Detection

  • Conference paper
Theory and Applications of Dependable Computer Systems (DepCoS-RELCOMEX 2020)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 1173)

Abstract

In this article we present the use of automatically created exponential smoothing models for anomaly detection in networks. We propose a method of parameter estimation and selection by means of the model's order obtained by the Hyndman-Khandakar algorithm. Optimal values of the model parameters are chosen on the basis of information criteria reflecting a compromise between the consistency of the model and the size of its estimation error. In the proposed method, we use statistical relationships between the forecasted and real network traffic to determine whether the tested trace is normal or attacked. The efficiency of our method is examined using a large set of real network traffic test traces. The experimental results prove the resilience and effectiveness of the suggested solutions.
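A simplified illustration of the pipeline the abstract describes, added here and not the authors' implementation: candidate exponential smoothing models are fitted to a normal trace, the one with the lowest AIC is kept, and a tested trace is judged by how its one-step forecast errors compare with the errors seen on normal traffic. The parameter grid, the Gaussian AIC form, the 3-sigma band, the RMS-ratio limit and both traces are assumptions made for the example; the Hyndman-Khandakar procedure itself is not reproduced.

```python
import math

def residuals(y, alpha, beta=None):
    """One-step forecast errors; beta=None is level-only smoothing, else Holt's additive trend."""
    level, trend, errs = y[0], (y[1] - y[0] if beta is not None else 0.0), []
    for obs in y[1:]:
        err = obs - (level + trend)      # real minus forecasted traffic
        errs.append(err)
        level += trend + alpha * err     # error-correction form of the updates
        if beta is not None:
            trend += alpha * beta * err
    return errs

def rms(errs):
    return math.sqrt(sum(e * e for e in errs) / len(errs))

def select_model(train):
    """Return (alpha, beta) of the candidate with the lowest AIC (assumed Gaussian form)."""
    grid = [i / 10 for i in range(1, 10)]
    candidates = [(a, None) for a in grid] + [(a, b) for a in grid for b in grid]
    def aic(params):
        errs = residuals(train, *params)
        sse = max(sum(e * e for e in errs), 1e-12)
        k = 1 if params[1] is None else 2        # counts smoothing parameters only
        return len(errs) * math.log(sse / len(errs)) + 2 * k
    return min(candidates, key=aic)

def assess(trace, params, sigma, k=3.0, ratio_limit=2.0):
    """Return (sample indices outside the k-sigma band, True if the trace looks attacked)."""
    errs = residuals(trace, *params)
    flagged = [i + 1 for i, e in enumerate(errs) if abs(e) > k * sigma]
    return flagged, rms(errs) / sigma > ratio_limit

# Constructed packets-per-second trace: steady ramp plus a small periodic wobble.
NORMAL = [1000 + 40 * t + 3 * (0, 1, 0, -1)[t % 4] for t in range(40)]
# Constructed attack: a flood of 3000 extra packets/s on samples 30..33.
ATTACKED = [v + (3000 if 30 <= t < 34 else 0) for t, v in enumerate(NORMAL)]

PARAMS = select_model(NORMAL)                    # fitted on normal traffic only
SIGMA = rms(residuals(NORMAL, *PARAMS))          # spread of normal forecast errors

if __name__ == "__main__":
    for name, trace in (("normal", NORMAL), ("attacked", ATTACKED)):
        flagged, attacked = assess(trace, PARAMS, SIGMA)
        print(name, "params", PARAMS, "flagged", flagged, "attacked", attacked)
```

Because the model keeps updating on attacked samples, forecasts after the flood are contaminated; a deployment would typically freeze or down-weight updates while samples are outside the band.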

Corresponding author

Correspondence to Tomasz Andrysiak.

Copyright information

© 2020 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Kierul, M., Kierul, T., Andrysiak, T., Saganowski, Ł. (2020). Automatically Created Statistical Models Applied to Network Anomaly Detection. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds) Theory and Applications of Dependable Computer Systems. DepCoS-RELCOMEX 2020. Advances in Intelligent Systems and Computing, vol 1173. Springer, Cham. https://doi.org/10.1007/978-3-030-48256-5_33
