Сhange-point detection test based on the analysis of the time series' autocorrelation and its application for information security

Authors

  • Dmyto Sharadkin Institute of special communication and information protection National technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Kyiv,

DOI:

https://doi.org/10.20535/2411-1031.2017.5.1.120555

Keywords:

Computers network's anomalous behavior, change-points of the model, time series, autocorrelation, time series changes detection test.

Abstract

Methods for detection changes in the behavior of technical objects, in particular in modern information and computer networks, which are based on the analysis of time series has been investigated. It is shown that these objects are characterized by great internal complexity, as well as a variety of probability distribution of their values. A wide range of possible forms and characteristics of behavior changes caused by unpredictability of both the causes themselves and their possible impact on these objects makes research and practical application of change-point detection in this field extremely difficult. These limitations restrict every single method and require the combined aggregate application of the tests for change-point detection in models. The paper survey is one of such tests, which is based on the application of the first order autocorrelation coefficient of the time series. Statistical simulation of the process has been applied for analysis of the possibilities of the test, its power, efficiency and restrictions. Dependencies of the test’s results on the various change-detection algorithm parameters are analyzed. An examining, analyzing and comparison of the test with similar ones for detection of changes in the behavior of objects has been executed. It was determined that in difficult cases the test shows not the worst, but often the best result in terms of the numbers of type I and type II errors, and of the time, which was spent for decision making. The utilization of this test for monitoring of the information and computer networks could increase the level of protection against  various types  of DoS attacks, intrusions, as well as from other causes of  efficiency loss.

Author Biography

Dmyto Sharadkin, Institute of special communication and information protection National technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Kyiv,

candidate of technical sciences,
associate professor, associate
professor at the cybersecurity
and application of automated
information systems and technologies
academic department

References

O.I.Sheluhin, D.J. Sakalama, A.S.,Filinova, Intrusion Detection in computer networks (network anomalies). Moscow, Russia, hotline-Telecom,2013.

N.Adams, and N.Heard, Data analysis for network cyber-security. Singapor: Imperial College Press, 2014.

M.Collins, Network Security Through Data Analysis. Sebastopol, CA, USA: O’Reilly Media Inc., 2014.

H.Wang, D.Zhang, and K.G.Shin, “Change-Point Monitoring for Detection of DoS Attacks”, IEEE Transactions on Dependable and Secure Computing, vol. 1, is. 4., рр.193 - 208, 2004.

V.V.Petrov, Statistical analysis of network traffic. [Online]. Available: http://www.pi.314159.ru/petroff2.pdf, Accessed on: Apr.12, 2017.

V.L.Tamp, N.V.Tamp, and A.Kuzmin, “Simulation model of flows of requests for transfer of personnel in an information network”, Bulletin of Cherepovets SU, No.8, pp.32-35, 2015.

R.R.Factieva, “Development of metrics for detection of attacks based on network traffic analysis”, Bulletin of the Buryat SU, No. 3, pp. 81-86, 2013.

V.S. Lovyagin, “Statistical monitoring of virus attacks based on parametric criteria”, Sevastopol STU: Collection of scientific papers, Series: computer science, electronics, communications, Vol. 114, рр.31-35, 2011.

S.A.Aivazyan, I.S.Enyukov, and L.D.Meshalkin, Applied statistics: Research of dependences, Under the editorship of S. A. Ayvazian, Moscow, USSR: Finansy&Statistika, 1985.

A.I.Kobzar, Applied mathematical statistics. For engineers and scientists, Moscow,Russia: FIZMATLIT, 2006.

V.M.Volkova, “The investigation of statistic distributions of the Cochran test for the means shift detection”, Bulletin of the Tomsk SU, Management, Сomputing and Informatics, №1(26), рр.31-38, 2014.

Published

2017-06-30

How to Cite

Sharadkin, D. (2017). Сhange-point detection test based on the analysis of the time series’ autocorrelation and its application for information security. Information Technology and Security, 5(1), 42–54. https://doi.org/10.20535/2411-1031.2017.5.1.120555

Issue

Section

MATHEMATICAL AND COMPUTER MODELING