A Novel Method for Network Anomaly Detection Using Superstatistics

To detect the anomalous events in the time series we propose a new idea that we can view the time series of traffic flows as a nonstationary Poisson process associated with superstatistics theory. According to the superstatistics theory, the complex dynamic system may have a large fluctuationary of intensive quantities on large time scales which causes the system to behave as nonstationarity and nonlinearity which are also the characteristics of network traffic flows. This new idea provides us a novel way to partition the nonstationary traffic time series into small stationary segments which can be modeled by Poisson distribution in sub-second time scales. Different segments follow Poisson distribution with different distribution parameters which are named slow changing parameter compared to the fast changing traffic flows and the series of distribution parameter follows certain distribution too. We use this slow changing parameter of the segments as the key determinant factor of system to describe the network characteristic. To distinguish between the normal traffic and anomalous traffic we calculate hurst parameter of slow changing parameter. By analysing the hurst parameter series we successfully detect some of the anomalous events.