Mean square filtering error as a criterion for detecting network traffic anomalies

Free access

The paper considers a method for detecting anomalies in network traffic that is based on filtering a random process representing the expected traffic intensity. A filter that minimizes the mean square error is obtained for this process, with fluctuations of traffic from the expected values treated as noise. The minimum value of the mean square error is determined for the filter. Filtering is simulated for random samples of the process representing the expected traffic intensity, in the absence and in the presence of an anomaly with a certain autocorrelation function, and at various values of the signal-to-noise ratio. The simulation results suggest that a deviation of the mean square filtering error from the minimum (expected) value may indicate the presence of an anomalous traffic source in the network, i.e. it can be used as an anomaly detection criterion.

Intrusion detection, anomaly detection, network traffic, Wiener filter, Weibull distribution

Short URL: https://sciup.org/148326354

IDR: 148326354   |   DOI: 10.18137/RNU.V9187.23.01.P.94

Scientific article