Network Anomaly Detection Using Time Series Analysis

Author

Wu, Qingtao ; Shao, Zhiqing

Author_Institution

Dept. of Comput. Sci. & Eng., East China Univ. of Sci. & Technol., Shanghai

fYear

2005

fDate

23-28 Oct. 2005

Firstpage

42

Lastpage

42

Abstract

This paper presents a method of detecting network anomalies by analyzing the abrupt change of time series data obtained from management information base (MIB) variables. The method applies the auto-regressive (AR) process to model the abrupt change of time series data, and performs sequential hypothesis test to detect the anomalies. With time correlation and location correlation, the method determines not only the presence of anomalous activity, but also its occurring time and location. The experimental results show that the proposed method performs well in detecting the traffic-related anomalies

Keywords

autoregressive processes; correlation methods; security of data; telecommunication security; telecommunication traffic; time series; MIB; autoregressive process; location correlation; management information base; network anomaly detection; sequential hypothesis test; time correlation; time series analysis; traffic-related anomaly; Information analysis; Information management; Internet; Intrusion detection; Monitoring; Performance evaluation; Protocols; Sequential analysis; Telecommunication traffic; Time series analysis;

fLanguage

English

Publisher

ieee

Conference_Titel

Autonomic and Autonomous Systems and International Conference on Networking and Services, 2005. ICAS-ICNS 2005. Joint International Conference on

Conference_Location

Papeete, Tahiti

Print_ISBN

0-7695-2450-8

Type

conf

DOI

10.1109/ICAS-ICNS.2005.69

Filename

1559894