A Comparative Study of Statistical Models with Long and Short-Memory Dependence for Network Anomaly Detection

Protecting systems and computer networks against novel, unknown attacks is an intensively studied and actively developed field. One possible solution is to detect and classify abnormal behavior reflected in the analyzed network traffic. In this article we approach the problem through anomaly detection in network traffic described by five different statistical models. We tested two groups of models that differ in their autocorrelation dependence. The first group consists of the AR, MA and ARMA models, which are characterized by short-memory dependence. The second group consists of the ARFIMA and FIGARCH models, which are characterized by long-memory dependence. To detect anomalies in the network traffic, we used the differences between the real network traffic and its estimated model. The results of the experiments show that the comparative study of these statistical models was worthwhile.
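The residual idea from the abstract, sketched for the short-memory AR case only, as an added example that is not code from the paper. The Yule-Walker fit, the k-sigma limit on the one-step prediction error, the function names and the traffic series are all assumptions made for illustration.

```python
import math
import random

def autocov(x, lag):
    """Biased sample autocovariance at the given lag."""
    n, m = len(x), sum(x) / len(x)
    return sum((x[t] - m) * (x[t - lag] - m) for t in range(lag, n)) / n

def fit_ar(x, p):
    """Yule-Walker AR(p) fit via Levinson-Durbin: (mean, coeffs, noise variance)."""
    r = [autocov(x, k) for k in range(p + 1)]
    phi, var = [], r[0]
    for k in range(1, p + 1):
        kappa = (r[k] - sum(phi[j] * r[k - 1 - j] for j in range(k - 1))) / var
        phi = [phi[j] - kappa * phi[k - 2 - j] for j in range(k - 1)] + [kappa]
        var *= 1 - kappa * kappa
    return sum(x) / len(x), phi, var

def detect(series, train_len, p=2, k=5.0):
    """Fit on series[:train_len]; flag later samples whose one-step
    prediction error exceeds k standard deviations of the model noise.
    The k-sigma rule is an assumed decision rule, not taken from the paper."""
    mean, phi, var = fit_ar(series[:train_len], p)
    limit = k * math.sqrt(var)
    flagged = []
    for t in range(train_len, len(series)):
        pred = mean + sum(phi[j] * (series[t - 1 - j] - mean) for j in range(p))
        if abs(series[t] - pred) > limit:
            flagged.append(t)
    return flagged

def constructed_traffic(n=600, spike_at=500, spike=60.0, seed=7):
    """Constructed sample: AR(2) packets-per-second series with one injected burst."""
    rng = random.Random(seed)
    x = [100.0, 100.0]
    for _ in range(n - 2):
        x.append(100 + 0.6 * (x[-1] - 100) + 0.2 * (x[-2] - 100) + rng.gauss(0, 5))
    x[spike_at] += spike
    return x

if __name__ == "__main__":
    print(detect(constructed_traffic(), train_len=400))
```

The samples immediately after the burst can also be flagged, because the inflated observation feeds the next one-step predictions.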
