Abstract
This article presents an attempt to detect attacks (anomalies) in analyzed network traffic using a mixed (hybrid) statistical model, ARIMA-GARCH. As a preliminary step, the elements of the analyzed time series were normalized by means of the Box-Cox transformation. To determine whether the analyzed time series were characterized by heteroscedasticity, they were subjected to White's test. For comparison, the series were also tested using differing statistical approaches (described by the mean or by the conditional variance), realized by the individual ARIMA and GARCH models. The optimal model parameters were chosen as a compromise between the coherence of the model and the size of the estimation error. Attacks (anomalies) in the network traffic were detected using the relations between the properly estimated model of the network traffic and its real parameters. The presented experimental results confirmed the fitness and efficiency of the proposed solutions.
© 2018 Springer International Publishing AG
Cite this paper
Andrysiak, T., Saganowski, Ł., Maszewski, M., Marchewka, A. (2018). Detection of Network Attacks Using Hybrid ARIMA-GARCH Model. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds) Advances in Dependability Engineering of Complex Systems. DepCoS-RELCOMEX 2017. Advances in Intelligent Systems and Computing, vol 582. Springer, Cham. https://doi.org/10.1007/978-3-319-59415-6_1
DOI: https://doi.org/10.1007/978-3-319-59415-6_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-59414-9
Online ISBN: 978-3-319-59415-6
eBook Packages: Engineering (R0)