A DDoS Attacks Detection Based on Conditional Heteroscedastic Time Series Models

Abstract

Systems that protect network infrastructure against novel, unknown attacks are an intensively explored and rapidly developing field. This article presents an attempt to address the problem by estimating variability using conditional variance. Predictions of this variability are based on estimated conditional heteroscedastic statistical models: ARCH, GARCH and FIGARCH. The parameters of these models were estimated by the maximum likelihood method. A sparingly parameterized form of the models was selected as a compromise between conciseness of representation and the size of the estimation error. Attacks and anomalies in network traffic are detected from the differences between the actual network traffic and the estimated model of that traffic. The presented research confirmed the efficacy of the described method and the soundness of the choice of statistical models.
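The approach summarized in the abstract, as an added example that is not code from the paper: a GARCH(1,1) model is fitted by maximum likelihood to attack-free traffic, and a sample is flagged when its deviation from the training mean exceeds k forecast standard deviations. The packets-per-second data is constructed, and the grid search, the threshold k = 4, the handling of flagged samples and all function names are assumptions of this example.

```python
import math
import random

def cond_variance(x, omega, alpha, beta, k=None):
    """GARCH(1,1): h_t = omega + alpha*x_{t-1}^2 + beta*h_{t-1}. With k set, sample t
    is flagged when |x_t| > k*sqrt(h_t), and a flagged sample enters the recursion as
    its expected square h_t, so a sustained flood cannot inflate its own threshold."""
    h, hs, alerts = omega / (1 - alpha - beta), [], []
    for t, v in enumerate(x):
        hs.append(h)
        sq = v * v
        if k is not None and abs(v) > k * math.sqrt(h):
            alerts.append(t)
            sq = h
        h = omega + alpha * sq + beta * h
    return hs, alerts

def neg_loglik(x, omega, alpha, beta):
    """Gaussian negative log-likelihood of x, constant term dropped."""
    hs, _ = cond_variance(x, omega, alpha, beta)
    return 0.5 * sum(math.log(h) + v * v / h for v, h in zip(x, hs))

def fit_garch(x):
    """Maximum likelihood on a coarse (alpha, beta) grid, omega by variance targeting.
    Assumption: the grid stands in for a numerical optimiser to stay dependency-free."""
    var = sum(v * v for v in x) / len(x)
    grid = [(a / 20, b / 20) for a in range(1, 10) for b in range(19) if a + b < 20]
    alpha, beta = min(grid, key=lambda p: neg_loglik(x, var * (1 - p[0] - p[1]), *p))
    return var * (1 - alpha - beta), alpha, beta

def simulate_traffic(n=500, attack=range(350, 370), seed=7):
    """Constructed packets/s series: mean 1000, GARCH(1,1) noise, +800 pkt/s flood."""
    rng, h, e, y = random.Random(seed), 2000.0, 0.0, []
    for t in range(n):
        h = 400 + 0.2 * e * e + 0.6 * h
        e = math.sqrt(h) * rng.gauss(0, 1)
        y.append(1000 + e + (800 if t in attack else 0))
    return y

def detect(y, train=300, k=4.0):
    """Fit on the first `train` samples (assumed attack-free), then score all of y."""
    mu = sum(y[:train]) / train
    params = fit_garch([v - mu for v in y[:train]])
    return params, cond_variance([v - mu for v in y], *params, k=k)[1]

if __name__ == "__main__":
    params, alerts = detect(simulate_traffic())
    print("omega=%.1f alpha=%.2f beta=%.2f" % params)
    print("alert indices:", alerts)
```

Without the substitution for flagged samples, the first flood sample would raise the forecast variance enough that the following flood samples fall back inside the band, so only the onset would be reported.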
