Abstract
In this chapter, an approach is presented for modelling intra-values forecasts of a network traffic time series using a mean reverting stochastic process (MRSP). An autoregressive model of order n, AR(n), formalized in state space, with its unobservable coefficients estimated by a Kalman filter using n past time-series observations, produces [AR(n)-KF] estimates, which constitute the mean reverting part of the process. A Brownian motion multiplied by a diffusion (or volatility) term constitutes the stochastic part of the process. The determinant and trace of the Kalman filter error covariance matrix, multiplied by the process itself, are used to capture the diffusion dynamics in the intra-values time series. The proposed algorithm is designed especially for network traffic and does not assume stationary data. The method was tested using real traffic data from GRnet concerning our institutional network. Experimental as well as simulation results based on real daily data from the GRnet IP traffic demonstrate the applicability of the model. The proposed MRSP algorithm successfully identified unusual activities contained in the test datasets and produced proper warnings. Applications to real-time D/DoS bandwidth-flooding attack detection are also presented.
Copyright information
© 2019 Springer International Publishing AG, part of Springer Nature
About this chapter
Cite this chapter
Leros, A.P., Andreatos, A.S. (2019). Network Traffic Analytics for Internet Service Providers—Application in Early Prediction of DDoS Attacks. In: Tsihrintzis, G., Sotiropoulos, D., Jain, L. (eds) Machine Learning Paradigms. Intelligent Systems Reference Library, vol 149. Springer, Cham. https://doi.org/10.1007/978-3-319-94030-4_10
DOI: https://doi.org/10.1007/978-3-319-94030-4_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-94029-8
Online ISBN: 978-3-319-94030-4
eBook Packages: Intelligent Technologies and Robotics (R0)