Enhancing network traffic prediction and anomaly detection via statistical network traffic separation and combination strategies

Document Type

Article

Publication Date

6-19-2006

Abstract

In this paper, we propose, study and analyze a new network traffic prediction methodology, based on the 'frequency domain' traffic analysis and filtering, with the objective of enhancing the network anomaly detection capabilities. Based on this approach, the traffic can be effectively separated into a baseline component, that includes most of the low frequency traffic and presents low burstiness, and the short-term traffic that includes the most dynamic part. The baseline traffic is a mean non-stationary periodic time series, and the Extended Resource-Allocating Network (ERAN) methodology is used for its accurate prediction. The short-term traffic is shown to be a time-dependent series, and the Autoregressive Moving Average (ARMA) model is proposed to be used for the accurate prediction of this component. Furthermore, it is demonstrated that the proposed enhanced traffic prediction strategy can be combined with the use of dynamic thresholds and adaptive anomaly violation conditions, in order to improve the network anomaly detection effectiveness. © 2005 Elsevier B.V. All rights reserved.

Identifier

33745243253 (Scopus)

Publication Title

Computer Communications

External Full Text Location

https://doi.org/10.1016/j.comcom.2005.07.030

ISSN

01403664

First Page

1627

Last Page

1638

Issue

10

Volume

29

This document is currently not available here.

Share

COinS