A resource-allocating network for function interpolation
Neural Computation
Link capacity allocation and network control by filtered input rate in high-speed networks
IEEE/ACM Transactions on Networking (TON)
Estimation of parameters and eigenmodes of multivariate autoregressive models
ACM Transactions on Mathematical Software (TOMS)
Detecting Network Attacks in the Internet via Statistical Network Traffic Normality Prediction
Journal of Network and Systems Management
IEEE Journal on Selected Areas in Communications
Network Traffic Flow Separation and Control Through a Hybrid ICA-Fuzzy Adaptive Algorithm
ICA '09 Proceedings of the 8th International Conference on Independent Component Analysis and Signal Separation
An efficient network intrusion detection
Computer Communications
Forecasting-based sampling decision for accurate and scalable anomaly detection
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Improved anomaly detection using block-matching denoising
Computer Communications
Online internet intrusion detection based on flow statistical characteristics
KSEM'11 Proceedings of the 5th international conference on Knowledge Science, Engineering and Management
Hi-index | 0.24 |
In this paper, we propose, study and analyze a new network traffic prediction methodology, based on the 'frequency domain' traffic analysis and filtering, with the objective of enhancing the network anomaly detection capabilities. Based on this approach, the traffic can be effectively separated into a baseline component, that includes most of the low frequency traffic and presents low burstiness, and the short-term traffic that includes the most dynamic part. The baseline traffic is a mean non-stationary periodic time series, and the Extended Resource-Allocating Network (ERAN) methodology is used for its accurate prediction. The short-term traffic is shown to be a time-dependent series, and the Autoregressive Moving Average (ARMA) model is proposed to be used for the accurate prediction of this component. Furthermore, it is demonstrated that the proposed enhanced traffic prediction strategy can be combined with the use of dynamic thresholds and adaptive anomaly violation conditions, in order to improve the network anomaly detection effectiveness.