A Comparative Study of Statistical and Neural Network Models for PLC Network Traffic Anomaly Detection

Protecting systems and computer networks against novel, unknown attacks is an intensively studied and actively developed field. One possible solution is to detect and classify abnormal behavior reflected in the analyzed network traffic. In this article we approach the problem through anomaly detection in network traffic described with three different models. We tested two classes of models that differ in how they predict. The first class consisted of the ARFIMA and Holt-Winters models, which are characterized by statistical dependences. The second class comprised a neural network auto-regression model, characterized by a single hidden layer and lagged inputs, for forecasting univariate time series. To detect anomalies in the network traffic, we used the differences between the real network traffic and its estimated model. The experimental results confirmed the efficiency and effectiveness of the presented method.
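The residual-based detection step described in the abstract, shown here as an added example that is not the authors' code. It uses additive Holt-Winters only (ARFIMA and the neural auto-regression model are not shown). The smoothing constants, the k-sigma threshold on training residuals, the traffic series and the injected anomalies are assumptions constructed for illustration.

```python
import math
import random
import statistics

def detect_anomalies(series, period, train_len, k=4.0,
                     alpha=0.3, beta=0.05, gamma=0.2):
    """Additive Holt-Winters one-step forecasts; flag |residual| > k * sigma.

    sigma is the std-dev of residuals over the training window, assumed clean.
    Smoothing constants and k are illustrative assumptions, not the paper's.
    """
    level = sum(series[:period]) / period          # initialise from first season
    trend = 0.0
    season = [x - level for x in series[:period]]
    train_resid, flagged = [], []
    threshold = None
    for t in range(period, len(series)):
        s = season[t % period]
        forecast = level + trend + s
        resid = series[t] - forecast               # real traffic minus model
        x = series[t]
        if t < train_len:
            train_resid.append(resid)
        else:
            if threshold is None:
                threshold = k * statistics.pstdev(train_resid)
            if abs(resid) > threshold:
                flagged.append(t)
                x = forecast    # keep the anomalous sample out of the model state
        new_level = alpha * (x - s) + (1 - alpha) * (level + trend)
        trend = beta * (new_level - level) + (1 - beta) * trend
        season[t % period] = gamma * (x - new_level) + (1 - gamma) * s
        level = new_level
    return flagged

# Constructed sample: 10 days of hourly frame counts with a daily cycle and noise.
PERIOD, TRAIN_LEN = 24, 168
rng = random.Random(1)
traffic = [200 + 80 * math.sin(2 * math.pi * t / PERIOD) + rng.uniform(-5, 5)
           for t in range(240)]
INJECTED = [180, 198, 199, 200]
traffic[180] += 400                 # burst far above the daily pattern
for t in INJECTED[1:]:
    traffic[t] = 0.0                # traffic drops to zero for three samples

if __name__ == "__main__":
    print("flagged sample indices:", detect_anomalies(traffic, PERIOD, TRAIN_LEN))
```

Feeding the forecast back in place of a flagged sample matters for the three-sample drop: otherwise the first zero would pull the level down and distort the residuals of the samples that follow.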
