Change-point detection test based on the analysis of the time series' autocorrelation and its application for information security
Keywords: computer networks' anomalous behavior, change-points of the model, time series, autocorrelation, time series change detection test.
Methods for detecting changes in the behavior of technical objects, in particular modern information and computer networks, based on the analysis of time series have been investigated. It is shown that these objects are characterized by great internal complexity, as well as by a variety of probability distributions of their values. The wide range of possible forms and characteristics of behavior changes, caused by the unpredictability of both the causes themselves and their possible impact on these objects, makes research and practical application of change-point detection in this field extremely difficult. These limitations restrict every single method and require the combined application of the tests for change-point detection in models. The paper examines one such test, which is based on the first-order autocorrelation coefficient of the time series. Statistical simulation of the process has been applied to analyze the capabilities of the test, its power, efficiency and limitations. The dependence of the test's results on the various parameters of the change-detection algorithm is analyzed. The test has been examined, analyzed and compared with similar tests for detecting changes in the behavior of objects. It was determined that in difficult cases the test shows not the worst, and often the best, result in terms of the numbers of type I and type II errors and of the time spent on decision making. Using this test to monitor information and computer networks could increase the level of protection against various types of DoS attacks and intrusions, as well as against other causes of efficiency loss.
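The following is an added example, not code from the paper, whose exact algorithm and parameters are not given on this page. It shows one way to build a change-point test on the first-order autocorrelation coefficient: a window that straddles a level shift has consecutive deviations of the same sign, so its r1 rises far above what independent samples produce. The window length, threshold, normal approximation and traffic values are assumptions chosen for illustration.

```python
import math
import random

def lag1_autocorr(x):
    """Sample first-order autocorrelation coefficient r1 of a sequence."""
    n = len(x)
    mean = sum(x) / n
    denom = sum((v - mean) ** 2 for v in x)
    if denom == 0:  # constant window: r1 is undefined, treat as no correlation
        return 0.0
    num = sum((x[i] - mean) * (x[i + 1] - mean) for i in range(n - 1))
    return num / denom

def r1_zscore(r1, n):
    """Standardise r1 under the no-change hypothesis of independent samples,
    using a common normal approximation (assumed here, not from the paper):
    mean -1/(n-1), variance (n-2)/(n-1)^2."""
    return (r1 + 1.0 / (n - 1)) * (n - 1) / math.sqrt(n - 2)

def first_alarm(series, window=40, z_crit=4.0):
    """Slide a window over the series and return the index of the newest
    sample in the first window with |z| > z_crit, or None if none alarms."""
    for end in range(window - 1, len(series)):
        w = series[end - window + 1:end + 1]
        if abs(r1_zscore(lag1_autocorr(w), window)) > z_crit:
            return end
    return None

def constructed_traffic(n, change_at=None, seed=7):
    """Constructed sample data: packets per second as noise around 100, with
    an optional level shift to 160 from index change_at (e.g. a flood)."""
    rng = random.Random(seed)
    return [rng.gauss(160 if change_at is not None and i >= change_at else 100, 5)
            for i in range(n)]

CHANGE_AT = 120                                   # hypothetical change-point
baseline = constructed_traffic(200)               # no change anywhere
shifted = constructed_traffic(200, change_at=CHANGE_AT)

if __name__ == "__main__":
    print("baseline alarm index:", first_alarm(baseline))
    print("shifted alarm index :", first_alarm(shifted))
```

The detection delay (alarm index minus change index) and the false-alarm rate on the baseline both depend on the window length and threshold, which is the kind of parameter dependence the abstract refers to.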
Copyright (c) 2020 Collection "Information technology and security"
This work is licensed under a Creative Commons Attribution 4.0 International License.