Title :
Network Anomaly Detection Using Time Series Analysis
Author :
Wu, Qingtao ; Shao, Zhiqing
Author_Institution :
Dept. of Comput. Sci. & Eng., East China Univ. of Sci. & Technol., Shanghai
Abstract :
This paper presents a method of detecting network anomalies by analyzing the abrupt change of time series data obtained from management information base (MIB) variables. The method applies the auto-regressive (AR) process to model the abrupt change of time series data, and performs sequential hypothesis test to detect the anomalies. With time correlation and location correlation, the method determines not only the presence of anomalous activity, but also its occurring time and location. The experimental results show that the proposed method performs well in detecting the traffic-related anomalies
Keywords :
autoregressive processes; correlation methods; security of data; telecommunication security; telecommunication traffic; time series; MIB; autoregressive process; location correlation; management information base; network anomaly detection; sequential hypothesis test; time correlation; time series analysis; traffic-related anomaly; Information analysis; Information management; Internet; Intrusion detection; Monitoring; Performance evaluation; Protocols; Sequential analysis; Telecommunication traffic; Time series analysis;
Conference_Titel :
Autonomic and Autonomous Systems and International Conference on Networking and Services, 2005. ICAS-ICNS 2005. Joint International Conference on
Conference_Location :
Papeete, Tahiti
Print_ISBN :
0-7695-2450-8
DOI :
10.1109/ICAS-ICNS.2005.69
