Anomaly detection using digital signature of network segment with adaptive ARIMA model and Paraconsistent Logic

Detecting anomalies accurately in network traffic behavior is essential for a variety of network management and security tasks. This paper presents an anomaly detection approach employing a Digital Signature of Network Segment using Flow Analysis (DSNSF), generated with an ARIMA model. In addition, a functional algorithm based on a non-classical logic called Paraconsistent Logic is proposed to avoid high false alarm rates. The key idea of the proposed approach is to characterize the normal behavior of network traffic and then identify traffic behavior patterns that might harm network services. Experimental results on a real network demonstrate the effectiveness of the proposed approach. The results are promising, showing that the flow analysis performed is able to detect anomalous traffic with precision, sensitivity and good performance.
