Network anomaly detection for railway critical infrastructure based on autoregressive fractional integrated moving average

The article proposes a novel two-stage method for detecting network traffic anomalies in railway transportation critical infrastructure monitored by wireless sensor networks (WSN). The first stage finds and eliminates outlying observations in the analyzed WSN traffic parameters using a simple and fast one-dimensional quartile criterion. In the second stage, the remaining data is used to estimate autoregressive fractional integrated moving average (ARFIMA) statistical models describing the variability of the tested WSN parameters. The paper also introduces an effective method for estimating and identifying the ARFIMA model parameters using the Haslett and Raftery estimator and the Hyndman and Khandakar technique. The choice of the “economically” parameterized form of the model was based on a compromise between the conciseness of the representation and the size of the estimation error. To detect anomalous behavior, i.e., a potential network attack, the proposed detection method uses statistical relations between the estimated traffic model and its actual variability. The obtained experimental results prove the effectiveness of the presented approach and the aptness of the selected statistical models.
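The two stages described above, as an added sketch that is not the paper's code: a quartile-fence filter on a baseline, then a one-step forecast band from a pure fractional-differencing ARFIMA(0,d,0) model. Assumptions: `d` is fixed by hand rather than estimated with the Haslett and Raftery estimator, the detection rule is a z-sigma band around the forecast, and all names and sample values are constructed for illustration.

```python
import math
import statistics

def quartile_filter(xs, k=1.5):
    """Stage 1: drop values outside the quartile fences [Q1 - k*IQR, Q3 + k*IQR]."""
    q1, _, q3 = statistics.quantiles(xs, n=4, method="inclusive")
    lo, hi = q1 - k * (q3 - q1), q3 + k * (q3 - q1)
    return [x for x in xs if lo <= x <= hi]

def frac_weights(d, n):
    """psi_k = -pi_k, where (1-B)^d = sum pi_k B^k, so x_t = sum_{k>=1} psi_k x_{t-k} + e_t."""
    psi, pi_k = [], 1.0
    for k in range(1, n + 1):
        pi_k *= (k - 1 - d) / k
        psi.append(-pi_k)
    return psi

def forecast(history, mu, psi):
    """One-step ARFIMA(0,d,0) forecast from the most recent len(psi) observations."""
    recent = history[::-1][:len(psi)]
    return mu + sum(w * (x - mu) for w, x in zip(psi, recent))

def fit(baseline, d, lags=32):
    """Stage 2: model of the cleaned baseline: mean, weights, residual RMS."""
    clean = quartile_filter(baseline)
    mu, psi = statistics.fmean(clean), frac_weights(d, lags)
    res = [clean[t] - forecast(clean[:t], mu, psi) for t in range(len(clean))]
    sigma = math.sqrt(statistics.fmean(r * r for r in res))
    return {"mu": mu, "psi": psi, "sigma": sigma, "history": clean}

def detect(model, window, z=3.0):
    """Indices in window whose value leaves the forecast +/- z*sigma band."""
    hist, flagged = list(model["history"]), []
    for i, x in enumerate(window):
        pred = forecast(hist, model["mu"], model["psi"])
        if abs(x - pred) > z * model["sigma"]:
            flagged.append(i)
            hist.append(pred)   # keep the flagged sample out of later forecasts
        else:
            hist.append(x)
    return flagged

# Constructed sample: a repeating packet-rate pattern with two gross outliers mixed in.
CYCLE = [100, 102, 99, 101, 98, 100, 103, 97]
BASELINE = CYCLE * 4 + [250] + CYCLE * 4 + [5]
MODEL = fit(BASELINE, d=0.3)   # d is assumed here, not estimated
```

Replacing a flagged sample with its forecast in the history keeps one anomalous reading from distorting the forecasts for the samples that follow it.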
