PhD Forum: A System Identification Approach to Monitoring Network Traffic Security

Network security is a growing area of interest for cyber systems, especially given the increasing number of attacks on companies each year. Although a vast number of tools are already available, System Identification (SI) complements intrusion detection systems to help manage network traffic stability. SI is the science of building mathematical models of dynamic systems. This paper introduces the use of SI for modeling network traffic and uses a linear time-invariant model to analyze the performance of real connections and attack instances. We generated several ARX (autoregressive with exogenous input) models, each representing a different threat state in the network. We used the KDD CUP 1999 DARPA dataset to analyze performance when dealing with different attacks. Results show that the average model fit was 84.14% when determining whether the system was experiencing normal traffic. This value is promising because it shows how well the system can determine the network state at a given time when fed input.
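The approach the abstract describes (one ARX model per threat state, with a traffic window labelled by whichever model fits it best) can be sketched as follows. This is an added illustration, not the authors' code: the first-order model structure, the one-step-ahead NRMSE fit formula, the meaning of the input `u` and output `y`, and the simulated windows are all assumptions, since the abstract specifies none of them.

```python
import math
import random

def fit_arx(u, y):
    """Least-squares fit of y[t] = a*y[t-1] + b*u[t-1] (assumed ARX(1,1) form)."""
    rows = [(y[t - 1], u[t - 1], y[t]) for t in range(1, len(y))]
    syy = sum(p * p for p, _, _ in rows)
    syu = sum(p * q for p, q, _ in rows)
    suu = sum(q * q for _, q, _ in rows)
    ry = sum(p * out for p, _, out in rows)
    ru = sum(q * out for _, q, out in rows)
    det = syy * suu - syu * syu
    if abs(det) < 1e-12:
        raise ValueError("regressors are collinear; window carries no usable excitation")
    return (ry * suu - ru * syu) / det, (syy * ru - syu * ry) / det

def fit_percent(model, u, y):
    """One-step-ahead NRMSE fit: 100 * (1 - |y - yhat| / |y - mean(y)|)."""
    a, b = model
    actual = y[1:]
    pred = [a * y[t - 1] + b * u[t - 1] for t in range(1, len(y))]
    mean = sum(actual) / len(actual)
    err = math.sqrt(sum((p - q) ** 2 for p, q in zip(pred, actual)))
    spread = math.sqrt(sum((q - mean) ** 2 for q in actual))
    return 100.0 * (1.0 - err / spread) if spread else float("-inf")

def classify(models, u, y):
    """Return the state whose model explains the window best, plus all scores."""
    scores = {state: fit_percent(m, u, y) for state, m in models.items()}
    return max(scores, key=scores.get), scores

def simulate(a, b, n, seed):
    """Constructed stand-in for a traffic window (not KDD CUP 99 data)."""
    rng = random.Random(seed)
    u = [rng.random() for _ in range(n)]
    y = [0.0]
    for t in range(1, n):
        y.append(a * y[t - 1] + b * u[t - 1] + 0.02 * (rng.random() - 0.5))
    return u, y

# Hypothetical dynamics for two threat states; one model is trained per state.
TRUE_DYNAMICS = {"normal": (0.5, 1.0), "attack": (0.9, 3.0)}
MODELS = {s: fit_arx(*simulate(a, b, 400, seed=i))
          for i, (s, (a, b)) in enumerate(TRUE_DYNAMICS.items())}

if __name__ == "__main__":
    for state, (a, b) in TRUE_DYNAMICS.items():
        label, scores = classify(MODELS, *simulate(a, b, 200, seed=99))
        print(state, "->", label, {k: round(v, 1) for k, v in scores.items()})
```

A fit near 100% means the model reproduces the window almost exactly; a negative fit means it does worse than predicting the window's mean, which is what a window from a different state produces here.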
