Article title

A DDoS Attacks Detection Based on Conditional Heteroscedastic Time Series Models

Publication languages
EN
Abstracts
EN
The dynamic development of various systems providing safety and protection to network infrastructure from novel, unknown attacks is currently an intensively explored and developed domain. The present article presents an attempt to redress the problem by variability estimation with the use of conditional variation. The predictions of this variability were based on the estimated conditional heteroscedastic statistical models ARCH, GARCH and FIGARCH. The parameters of the exploited models were estimated by calculating the maximum likelihood function. As a compromise between conciseness of representation and the size of the estimation error, a sparingly parameterized form of the models was selected. In order to detect an attack/anomaly in the network traffic, differences between the actual network traffic and the estimated model of the traffic were used. The presented research confirmed the efficacy of the described method and the cogency of the choice of statistical models.
Authors
author
  • Institute of Telecommunications, University of Technology & Life Sciences in Bydgoszcz ul. Kaliskiego 7, 85-789 Bydgoszcz, Poland
  • Institute of Telecommunications, University of Technology & Life Sciences in Bydgoszcz ul. Kaliskiego 7, 85-789 Bydgoszcz, Poland
author
  • Institute of Telecommunications, University of Technology & Life Sciences in Bydgoszcz ul. Kaliskiego 7, 85-789 Bydgoszcz, Poland
author
  • Institute of Telecommunications, University of Technology & Life Sciences in Bydgoszcz ul. Kaliskiego 7, 85-789 Bydgoszcz, Poland
Bibliography
  • [1] Amini, M., Jalili, R., Shahriari, H. R. (2006). RTUNNID: A practical solution to real-time network-based intrusion detection using unsupervised neural networks. Computers & Security, 25(6), 459-468
  • [2] Amor, N. B., Benferhat, S., Elouedi, Z. (2004). Naive bayes vs decision trees in intrusion detection systems. In Proceedings of the 2004 ACM symposium on Applied computing (pp. 420-424). ACM
  • [3] Andrysiak, T., Saganowski, Ł., Choraś, M., Kozik, R. (2014). Network Traffic Prediction and Anomaly Detection Based on ARFIMA Model. In International Joint Conference SOCO’14-CISIS’14-ICEUTE’14 (pp. 545-554). Springer International Publishing
  • [4] Baillie, R.T., Bollerslev, T., Mikkelsen, H.O. (1996). Fractionally integrated generalized autoregressive conditional heteroskedasticity. Journal of econometrics, 74(1), 3-30
  • [5] Bollerslev, T. (1986). Generalized autoregressive conditional heteroskedasticity. Journal of econometrics, 31(3), 307-327
  • [6] Bozdogan, H. (1987). Model selection and Akaike’s information criterion (AIC): The general theory and its analytical extensions. Psychometrika, 52(3), 345-370
  • [7] Box, G. E., Jenkins, G. M., Reinsel, G. C. (2011). Time series analysis: forecasting and control (Vol. 734). John Wiley & Sons
  • [8] Brockwell, P. J., Davis, R. A. (2006). Introduction to time series and forecasting. Springer Science & Business Media
  • [9] Chebrolu, S., Abraham, A., Thomas, J.P. (2005). Feature deduction and ensemble design of intrusion detection systems. Computers & Security, 24(4), 295-307
  • [10] Chandola, V., Banerjee, A., Kumar, V. (2009). Anomaly detection: A survey. ACM computing surveys (CSUR), 41(3), 15
  • [11] Choraś, M., Saganowski, Ł., Renk, R., Hołubowicz, W. (2012). Statistical and signal-based network traffic recognition for anomaly detection. Expert Systems, 29(3), 232-245
  • [12] Crato, N., Ray, B.K. (1996). Model selection and forecasting for long-range dependent processes. Journal of Forecasting, 15(2), 107-125
  • [13] Debar, H., Becker, M., Siboni, D. (1992). A neural network component for an intrusion detection system. In Research in Security and Privacy, 1992. Proceedings., 1992 IEEE Computer Society Symposium on (pp. 240-250). IEEE
  • [14] Engle, R. F. (1982). Autoregressive conditional heteroscedasticity with estimates of the variance of United Kingdom inflation. Econometrica: Journal of the Econometric Society, 987-1007
  • [15] Esposito, M., Mazzariello, C., Oliviero, F., Romano, S.P., Sansone, C. (2005). Evaluating Pattern Recognition Techniques in Intrusion Detection Systems. In PRIS (pp. 144-153)
  • [16] Esposito, M., Mazzariello, C., Oliviero, F., Romano, S.P., Sansone, C. (2005). Real Time Detection of Novel Attacks by Means of Data Mining Techniques. ICEIS, 3, 120-127
  • [17] Fiszeder, P. (2009). Modele klasy GARCH w empirycznych badaniach finansowych. Wydawnictwo Naukowe Uniwersytetu Mikołaja Kopernika
  • [18] Global IT Security Risks Survey 2014 Distributed Denial Of Service Attacks, Kaspersky Lab (2014) https://press.kaspersky.com
  • [19] Hu, L., Bi, X. (2011). Research of DDoS attack mechanism and its defense frame. In 2011 3rd International Conference on Computer Research and Development (Vol. 4, pp. 440-442)
  • [20] Jackson, K.A. (1999). Intrusion detection system (IDS) product survey. Los Alamos National Laboratory, Los Alamos, NM, LA-UR-99-3883 Ver, 2, 1-103
  • [21] Kim, J., Bentley, P. J., Aickelin, U., Greensmith, J., Tedesco, G., Twycross, J. (2007). Immune system approaches to intrusion detection - a review. Natural computing, 6(4), 413-466
  • [22] Lakhina, A., Crovella, M., Diot, C. (2004). Characterization of network-wide anomalies in traffic flows. In Proceedings of the 4th ACM SIGCOMM conference on Internet measurement (pp. 201-206). ACM
  • [23] Lee, W., Stolfo, S.J. (2000). A framework for constructing features and models for intrusion detection systems. ACM transactions on Information and system security (TiSSEC), 3(4), 227-261
  • [24] Li, W. (2004). Using genetic algorithm for network intrusion detection. Proceedings of the United States Department of Energy Cyber Security Group, 1-8
  • [25] Li, X., Ye, N. (2001). Decision tree classifiers for computer intrusion detection. Journal of Parallel and Distributed Computing Practices, 4(2), 179-190
  • [26] Lu, W., Ghorbani, A. A. (2009). Network anomaly detection based on wavelet analysis. EURASIP Journal on Advances in Signal Processing, 2009, 4
  • [27] Moradi, M., Zulkernine, M. (2004). A neural network based system for intrusion detection and classification of attacks. In Proceedings of the 2004 IEEE international conference on advances in intelligent systems-theory and applications
  • [28] Raport CERT Orange Polska za rok 2014, Integrated Solutions, (2014) http://www.orange.pl/ocp-http/PL/Binary2/2000001/4096003938.pdf
  • [29] Rodriguez, A. C., de los Mozos, M. R. (2010). Improving network security through traffic log anomaly detection using time series analysis. In Computational Intelligence in Security for Information Systems 2010 (pp. 125-133). Springer Berlin Heidelberg
  • [30] Saganowski, Ł., Goncerzewicz, M., Andrysiak, T. (2013). Anomaly Detection Preprocessor for SNORT IDS System. In Image Processing and Communications Challenges 4 (pp. 225-232). Springer Berlin Heidelberg
  • [31] Seredynski, F., Bouvry, P. (2005). Some issues in solving the anomaly detection problem using immunological approach. In Parallel and Distributed Processing Symposium, 2005. Proceedings. 19th IEEE International (pp. 188b-188b). IEEE
  • [32] SNORT - Intrusion Detection System, https://www.snort.org/
  • [33] Tayefi, M., Ramanathan, T. V. (2012). An Overview of FIGARCH and Related Time Series Models. Austrian Journal of Statistics, 41(3), 175-196
  • [34] Taylor, S. (1986). Modelling Financial Time Series. Wiley, Chichester
  • [35] Ye, N., Chen, Q., Emran, S.M., Noh, K. (2000). Chi-square statistical profiling for anomaly detection. In IEEE Systems, Man, and Cybernetics Information Assurance and Security Workshop June 6-7, 2000 at West Point, New York (pp. 187-193)
Document type
Bibliography
YADDA identifier
bwmeta1.element.baztech-888425c2-5af4-4a0f-b9dc-fa4a7ffd9c89