DETECTION OF ANOMALIES IN THE TELECOMMUNICATIONS TRAFFIC BY STATISTICAL METHODS
Open Access
- 25 March 2021
- journal article
- Published by Borys Grinchenko Kyiv University in Cybersecurity: Education, Science, Technique
- Vol. 11 (3), 183-194
- https://doi.org/10.28925/2663-4023.2021.11.183194
Abstract
Anomaly detection is an important task in many areas of human life, and many statistical methods are used for it. In this paper, the following statistical methods of data analysis were chosen to detect anomalies: survival analysis, time series analysis (fractal), a classification method (decision trees), cluster analysis and the entropy method. A description of the selected methods is given. To analyze anomalies, traffic and attack implementations were taken from an open dataset. More than 3 million packets from the dataset were used to evaluate the described methods. The dataset contained legitimate traffic (75%) and attacks (25%). Simulation modeling of the selected statistical methods was performed on network traffic implementations of telecommunication networks using different protocols. To implement the simulation, programs were written in the Python programming language. DDoS attacks, UDP flood, TCP SYN, ARP attacks and HTTP flood were chosen as anomalies. A comparative analysis of the performance of these methods in detecting anomalies (attacks) was carried out on the following parameters: the probability of anomaly detection, the probability of a false positive, and the running time of each method to detect the anomaly. Experimental results showed the performance of each method. The decision tree method performed best on all three criteria: the highest probability of identifying an anomaly, the fewest false positives and the shortest detection time. The entropy analysis method is slightly slower and gives slightly more false positives. Next is the cluster analysis method, which is slightly worse at detecting anomalies. The fractal analysis method showed a lower probability of detecting anomalies, a higher probability of false positives and a longer running time. The worst was the survival analysis method.
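As an added illustration of the entropy method the abstract mentions (this is not the paper's code), the following Python detector computes the Shannon entropy of source address and destination port per fixed-size packet window, learns a baseline from benign windows and flags windows that deviate, which is how a spoofed-source UDP flood shows up: source entropy jumps while destination-port entropy collapses. The traffic is constructed inline; the window size, the 3-sigma rule and the 0.5-bit floor are assumptions.

```python
import math
from collections import Counter

WINDOW = 100      # packets per window; fixed-size windows are an assumption
MIN_DELTA = 0.5   # floor on the allowed deviation, in bits (assumed)
K_SIGMA = 3.0     # z-score threshold (assumed)

def shannon_entropy(values):
    """Shannon entropy, in bits, of the empirical distribution of values."""
    n = len(values)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(values).values())

def window_profile(packets):
    """Source-address and destination-port entropy of one window of (src_ip, dst_port)."""
    return (shannon_entropy([p[0] for p in packets]),
            shannon_entropy([p[1] for p in packets]))

def learn_baseline(windows):
    """Mean and population std of each entropy feature over benign training windows."""
    profiles = [window_profile(w) for w in windows]
    stats = []
    for feat in zip(*profiles):
        mean = sum(feat) / len(feat)
        stats.append((mean, math.sqrt(sum((x - mean) ** 2 for x in feat) / len(feat))))
    return stats

def is_anomalous(packets, baseline):
    """Flag a window when any feature leaves its band of max(K_SIGMA*std, MIN_DELTA);
    the floor matters because a quiet baseline can have zero variance."""
    return any(abs(h - mean) > max(K_SIGMA * std, MIN_DELTA)
               for h, (mean, std) in zip(window_profile(packets), baseline))

def normal_window(seed):
    """Constructed benign traffic: ten internal hosts and four service ports, evenly mixed."""
    return [(f"10.0.0.{(i + seed) % 10 + 1}", (80, 443, 53, 22)[(i * 3 + seed) % 4])
            for i in range(WINDOW)]

def udp_flood_window():
    """Constructed UDP flood: each packet from a different spoofed source, all to port 53."""
    return [(f"203.0.113.{i + 1}", 53) for i in range(WINDOW)]

def evaluate(n_train=5, n_normal=10, n_attack=5):
    """Detection rate on flood windows and false-positive rate on unseen benign windows."""
    baseline = learn_baseline([normal_window(s) for s in range(n_train)])
    detected = sum(is_anomalous(udp_flood_window(), baseline) for _ in range(n_attack))
    false_pos = sum(is_anomalous(normal_window(s), baseline)
                    for s in range(n_train, n_train + n_normal))
    return detected / n_attack, false_pos / n_normal
```

On real captures the baseline windows would vary, so the k-sigma band does the work and the floor only guards against a degenerate zero-variance baseline.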