Title :
SARIMA based network bandwidth anomaly detection
Author :
Hanbanchong, Aphichit ; Piromsopa, Krerk
Author_Institution :
Dept. of Comput. Eng., Chulalongkorn Univ., Bangkok, Thailand
fDate :
May 30 2012-June 1 2012
Abstract :
Network bandwidth is considered a valuable resource in most computer systems. To precisely detect network anomalies (with a few false alarms), an intrusion detection system requires reliable methods. A potential solution in predicting network bandwidth usage is using a time-series model with a threshold. This paper proposes a network anomaly detection technique based on SARIMA, a time-series model, to capture seasonal behavior of bandwidth usage of most networks. Our proposed SARIMA based anomaly detection is capable of detecting network bandwidth anomalies effectively when a threshold equals to 8.5 percents of maximum bandwidth in a day. Our result yields 3.57 percents of false alarms. We concluded that SARIMA is a better instrumental tool for intrusion detection comparing to ARIMA.
Keywords :
autoregressive moving average processes; computer network security; time series; SARIMA based network bandwidth anomaly detection; intrusion detection system; seasonal autoregressive integrated moving average; time-series model; Bandwidth; Computational modeling; Computers; Equations; Intrusion detection; Mathematical model; Predictive models; Forecasting; Intrusion detection; SARIMA; Security;
Conference_Titel :
Computer Science and Software Engineering (JCSSE), 2012 International Joint Conference on
Conference_Location :
Bangkok
Print_ISBN :
978-1-4673-1920-1
DOI :
10.1109/JCSSE.2012.6261934
