Enhancing network traffic prediction and anomaly detection via statistical network traffic separation and combination strategies

Authors:
Jun Jiang;Symeon Papavassiliou
Affiliations:
New Jersey Center for Wireless Networking and Internet Security, New Jersey Institute of Technology, University Heights, Newark, NJ 07102, USA;New Jersey Center for Wireless Networking and Internet Security, New Jersey Institute of Technology, University Heights, Newark, NJ 07102, USA
Venue:
Computer Communications
Year:
2006

Citing 5
Cited 5

A resource-allocating network for function interpolation

Neural Computation
Link capacity allocation and network control by filtered input rate in high-speed networks

IEEE/ACM Transactions on Networking (TON)
Estimation of parameters and eigenmodes of multivariate autoregressive models

ACM Transactions on Mathematical Software (TOMS)
Detecting Network Attacks in the Internet via Statistical Network Traffic Normality Prediction

Journal of Network and Systems Management
Adaptive and automated detection of service anomalies in transaction-oriented WANs: network analysis, algorithms, implementation, and deployment

IEEE Journal on Selected Areas in Communications

Network Traffic Flow Separation and Control Through a Hybrid ICA-Fuzzy Adaptive Algorithm

ICA '09 Proceedings of the 8th International Conference on Independent Component Analysis and Signal Separation
An efficient network intrusion detection

Computer Communications
Forecasting-based sampling decision for accurate and scalable anomaly detection

GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Improved anomaly detection using block-matching denoising

Computer Communications
Online internet intrusion detection based on flow statistical characteristics

KSEM'11 Proceedings of the 5th international conference on Knowledge Science, Engineering and Management

Quantified Score

Hi-index	0.24

Visualization

Abstract

In this paper, we propose, study and analyze a new network traffic prediction methodology, based on the 'frequency domain' traffic analysis and filtering, with the objective of enhancing the network anomaly detection capabilities. Based on this approach, the traffic can be effectively separated into a baseline component, that includes most of the low frequency traffic and presents low burstiness, and the short-term traffic that includes the most dynamic part. The baseline traffic is a mean non-stationary periodic time series, and the Extended Resource-Allocating Network (ERAN) methodology is used for its accurate prediction. The short-term traffic is shown to be a time-dependent series, and the Autoregressive Moving Average (ARMA) model is proposed to be used for the accurate prediction of this component. Furthermore, it is demonstrated that the proposed enhanced traffic prediction strategy can be combined with the use of dynamic thresholds and adaptive anomaly violation conditions, in order to improve the network anomaly detection effectiveness.