Abstracts
This article proposes a method for detecting DDoS attacks based on modelling the variability of the examined time series with the use of the conditional average and variance. Predictions of the variability of the analyzed network traffic are produced by estimated statistical models with long-memory dependence: ARFIMA, Adaptive ARFIMA, FIGARCH and Adaptive FIGARCH. We propose a simple estimation of the models' parameters using the maximum likelihood function. A parsimoniously parameterized form of the models is selected by means of information criteria, which represent a compromise between brevity of representation and the extent of the prediction error. In the described method we propose using statistical relations between the forecasted and the analyzed network traffic in order to detect abnormal behavior that may be the result of a network attack. The experiments performed confirmed the effectiveness of the analyzed method and the cogency of the statistical models.
Pages
31--40
Physical description
Bibliography: 30 items, figures, tables.
Contributors
author
- Institute of Telecommunications, University of Technology & Life Sciences in Bydgoszcz, ul. Kaliskiego 7, 85-789 Bydgoszcz, Poland
author
- Institute of Telecommunications, University of Technology & Life Sciences in Bydgoszcz, ul. Kaliskiego 7, 85-789 Bydgoszcz, Poland
author
- Institute of Telecommunications, University of Technology & Life Sciences in Bydgoszcz, ul. Kaliskiego 7, 85-789 Bydgoszcz, Poland
author
- Institute of Telecommunications, University of Technology & Life Sciences in Bydgoszcz, ul. Kaliskiego 7, 85-789 Bydgoszcz, Poland
Document type
Bibliography
YADDA identifier
bwmeta1.element.baztech-a1330697-ddf8-4814-b660-a31305e9de5e