Forecasting-Based Sampling Decision for Accurate and Scalable Anomaly Detection

Author

Hashim, Fazirulhisyam ; Jamalipour, Abbas

Author_Institution

Univ. of Sydney, Sydney, NSW, Australia

fYear

2009

Firstpage

1

Lastpage

6

Abstract

This paper proposes the inclusion of two traffic forecasting frameworks in traffic sampling paradigm. The proposed frameworks: namely, the pattern forecasting and the attack forecasting, predicts the occurrence of traffic deviation and examines the existence of malicious attack in the traffic deviation, respectively. While the former utilizes the ARAR model to forecast the network traffic, the latter exploits the statistical likelihood function to determine whether any malicious attack is the origin of the traffic deviation. In addition, a dynamic weight assignment strategy is proposed to further improve the efficiency of the sampling strategy. Performance evaluation indicates that the inclusion of both forecasting frameworks and dynamic weight assignment in the sampling strategy can improve the accuracy and scalability of the anomaly detection.

Keywords

signal sampling; telecommunication security; attack forecasting; dynamic weight assignment strategy; forecasting-based sampling decision; malicious attack; network traffic; pattern forecasting; performance evaluation; sampling strategy; scalability; scalable anomaly detection; statistical likelihood function; traffic deviation; traffic forecasting frameworks; traffic sampling paradigm; Australia Council; Condition monitoring; Feedback; Predictive models; Quality of service; Resource management; Sampling methods; Scalability; Telecommunication traffic; Traffic control;

fLanguage

English

Publisher

ieee

Conference_Titel

Global Telecommunications Conference, 2009. GLOBECOM 2009. IEEE

Conference_Location

Honolulu, HI

ISSN

1930-529X

Print_ISBN

978-1-4244-4148-8

Type

conf

DOI

10.1109/GLOCOM.2009.5426221

Filename

5426221