Network Anomaly Detection Based on Statistical Models with Long-Memory Dependence

The paper presents an attempt to anomaly detection in network traffic using statistical models with long memory. Tests with the GPH estimator were used to check if the analysed time series have the long-memory property. The tests were performed for three statistical models known as ARFIMA, FIGARCH and HAR-RV. Optimal selection of model parameters was based on a compromise between the model’s coherence and the size of the estimation error.

[1]  David R. Cox,et al.  Time Series Analysis , 2012 .

[2]  Ryszard S. Choraś Image Processing and Communications Challenges 4 - 4th International Conference, IP&C 2012, Proceedings , 2013, IP&C.

[3]  Fanny Klett,et al.  International Joint Conference SOCO'14-CISIS'14-ICEUTE'14 - Bilbao, Spain, June 25th-27th, 2014, Proceedings , 2014, SOCO-CISIS-ICEUTE.

[4]  Anne Lohrli Chapman and Hall , 1985 .

[5]  R. Engle Autoregressive conditional heteroscedasticity with estimates of the variance of United Kingdom inflation , 1982 .

[6]  J. Geweke,et al.  THE ESTIMATION AND APPLICATION OF LONG MEMORY TIME SERIES MODELS , 1983 .

[7]  Ali A. Ghorbani,et al.  Network Anomaly Detection Based on Wavelet Analysis , 2009, EURASIP J. Adv. Signal Process..

[8]  Jan Beran,et al.  Statistics for long-memory processes , 1994 .

[9]  Tomasz Andrysiak,et al.  Network Traffic Prediction and Anomaly Detection Based on ARFIMA Model , 2014, SOCO-CISIS-ICEUTE.

[10]  C. Granger,et al.  AN INTRODUCTION TO LONG‐MEMORY TIME SERIES MODELS AND FRACTIONAL DIFFERENCING , 1980 .

[11]  Gwilym M. Jenkins,et al.  Time series analysis, forecasting and control , 1972 .

[12]  H. E. Hurst,et al.  Long-Term Storage Capacity of Reservoirs , 1951 .

[13]  Jiankun Hu,et al.  Scalable Hypergrid k-NN-Based Online Anomaly Detection in Wireless Sensor Networks , 2013, IEEE Transactions on Parallel and Distributed Systems.

[14]  Fulvio Corsi,et al.  A Simple Approximate Long-Memory Model of Realized Volatility , 2008 .

[15]  Tomasz Andrysiak,et al.  Anomaly Detection Preprocessor for SNORT IDS System , 2012, IP&C.

[16]  R. Baillie,et al.  Fractionally integrated generalized autoregressive conditional heteroskedasticity , 1996 .

[17]  P. Robinson Log-Periodogram Regression of Time Series with Long Range Dependence , 1995 .

[18]  Bonnie K. Ray,et al.  Model selection and forecasting for long‐range dependent processes , 1996 .