Journal Information-measuring and Control Systems №6 for 2014
Article in issue:
Anomalous network traffic forecasting using time series models
Authors:
R. R. Fatkieva - Ph.D. (Eng.), Senior Research Scientist, Laboratory of Computer and Information Systems, St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences (SPIIRAS). E-mail: rrf@iias.spb.su
Abstract:
When choosing a method for forecasting network traffic, one must account for non-stationary processes in the network. A study of the traffic using the moving average method showed that the smoothing interval is important for building the prediction. Choosing this value is often difficult because of cyclic components in the traffic, and especially difficult when a network anomaly is present. Exponential smoothing models make it possible to build a short-term forecast, but forecast quality depends on correctly selecting the smoothing factors, which require tuning, especially given the non-stationarity of network processes. The Holt-Winters forecasting model takes trends in the initial data series into account, but has the disadvantage of assuming that such a trend is present. Over time this may lead to a discrepancy between the forecast and the actual values. Analysis of the models presented in this paper revealed the need to choose a forecast model according to the required time horizon as well as the attack type, as confirmed by the forecast quality estimates above. Using a polymodel forecasting system will increase forecast accuracy, which in turn makes it possible to eliminate bandwidth violations.
Pages: 56-59