Improving Network Security through Traffic Log Anomaly Detection Using Time Series Analysis

Rodriguez, Aitor Corchero; Mozos, Mario Reyes de los

doi:10.1007/978-3-642-16626-6_14

Cited by 15 publications

(3 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, records with byte counts between 1 and 3 are recorded using magnitude 1 and records with a byte count from 4 to 7 recorded with magnitude 2. The number of packets and bytes is therefore already bucketed so as to obscure small differences and highlight large ones [24]. The information was collected in real time and then processed to see what basic conclusions we could reach from the data.…”

Section: Descriptionmentioning

confidence: 99%

Database techniques for resilient network monitoring and inspection

Jaaz

Oleiwi²,

Sahy³

et al. 2020

TELKOMNIKA

View full text Add to dashboard Cite

Network connection logs have long been recognized as integral to proper network security, maintenance, and performance management. This paper provides a development of distributed systems and write optimized databases: However, even a somewhat sizable network will generate large amounts of logs at very high rates. This paper explains why many storage methods are insufficient for providing real-time analysis on sizable datasets and examines database techniques attempt to address this challenge. We argue that sufficient methods include distributing storage, computation, and write optimized datastructures (WOD). Diventi, a project developed by Sandia National Laboratories, is here used to evaluate the potential of WODs to manage large datasets of network connection logs. It can ingest billions of connection logs at rates over 100,000 events per second while allowing most queries to complete in under one second. Storage and computation distribution are then evaluated using Elastic-search, an open-source distributed search and analytics engine. Then, to provide an example application of these databases, we develop a simple analytic which collects statistical information and classifies IP addresses based upon behavior. Finally, we examine the results of running the proposed analytic in real-time upon broconn (now Zeek) flow data collected by Diventi at IEEE/ACM Supercomputing 2019.

show abstract

Section: Descriptionmentioning

confidence: 99%

Database techniques for resilient network monitoring and inspection

Jaaz

Oleiwi²,

Sahy³

et al. 2020

TELKOMNIKA

View full text Add to dashboard Cite

show abstract

“…Time series is a series of data points indexed in time order, which is widely existed in fields of medical [6,10,26], business [18], industry [20,25], cyber security [17,24] and so on. Time series mining is one of the attractive research topics and a key issue for the last decade, such as classification [22], clustering [15], anomaly detection [19,27], time series visualization [9,13].…”

Section: Introductionmentioning

confidence: 99%

An Improvement of PAA on Trend-Based Approximation for Time Series

Zhang

Chen

Yin

et al. 2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Piecewise Aggregate Approximation (PAA) is a competitive basic dimension reduction method for high-dimensional time series mining. When deployed, however, the limitations are obvious that some important information will be missed, especially the trend. In this paper, we propose two new approaches for time series that utilize approximate trend feature information. Our first method is based on relative mean value of each segment to record the trend, which divide each segment into two parts and use the numerical average respectively to represent the trend. We proved that this method satisfies lower bound which guarantee no false dismissals. Our second method uses a binary string to record the trend which is also relative to mean in each segment. Our methods are applied on similarity measurement in classification and anomaly detection, the experimental results show the improvement of accuracy and effectiveness by extracting the trend feature suitably.

show abstract

“…Currently, particularly intensively developed methods of intrusion/ attack detection are those using the notion of anomaly in the network traffic [29,26]. One of possible solutions is anomaly detection based on statistical models describing the analyzed network traffic as time series.…”

Section: Introductionmentioning

confidence: 99%

A DDoS Attacks Detection Based on Conditional Heteroscedastic Time Series Models

Andrysiak

Saganowski

Maszewski

et al. 2015

Image Processing &Amp; Communications

View full text Add to dashboard Cite

Dynamic development of various systems providing safety and protection to network infrastructure from novel, unknown attacks is currently an intensively explored and developed domain. In the present article there is presented an attempt to redress the problem by variability estimation with the use of conditional variation. The predictions of this variability were based on the estimated conditional heteroscedastic statistical models ARCH, GARCH and FIGARCH. The method used for estimating the parameters of the exploited models was determined by calculating maximum likelihood function. With the use of compromise between conciseness of representation and the size of estimation error there has been selected as a sparingly parameterized form of models. In order to detect an attack-/anomaly in the network traffic there were used differences between the actual network traffic and the estimated model of the traffic. The presented research confirmed efficacy of the described method and cogency of the choice of statistical models.

show abstract

Improving Network Security through Traffic Log Anomaly Detection Using Time Series Analysis

Cited by 15 publications

References 8 publications

Database techniques for resilient network monitoring and inspection

Database techniques for resilient network monitoring and inspection

An Improvement of PAA on Trend-Based Approximation for Time Series

A DDoS Attacks Detection Based on Conditional Heteroscedastic Time Series Models

Contact Info

Product

Resources

About