Anomaly Detection in Smart Metering Infrastructure with the Use of Time Series Analysis

2017 ◽  
Vol 2017 ◽  
pp. 1-15 ◽  
Author(s):  
Tomasz Andrysiak ◽  
Łukasz Saganowski ◽  
Piotr Kiedrowski

The article presents solutions to anomaly detection in network traffic for critical smart metering infrastructure, realized with the use of a radio sensory network. The structure of the examined smart meter network and the key security aspects which have influence on the correct performance of an advanced metering infrastructure (possibility of passive and active cyberattacks) are described. An effective and quick anomaly detection method is proposed. At its initial stage, Cook’s distance was used for detection and elimination of outlier observations. The data prepared in this way was used to estimate standard statistical models based on exponential smoothing, that is, Brown’s, Holt’s, and Winters’ models. To estimate possible fluctuations in forecasts of the implemented models, properly parameterized Bollinger Bands were used. Next, statistical relations between the estimated traffic model and its real variability were examined to detect abnormal behavior, which could indicate a cyberattack attempt. An update procedure of standard models in case there were significant real network traffic fluctuations was also proposed. The choice of optimal parameter values of statistical models was realized as forecast error minimization. The results confirmed efficiency of the presented method and accuracy of choice of the proper statistical model for the analyzed time series.

2020 ◽  
Vol 26 (4) ◽  
pp. 508-527
Author(s):  
Tomasz Andrysiak ◽  
Łukasz Saganowski

One of the basic elements of every Smart City is currently a system of managing urban infrastructure, in particular, smart systems controlling street lighting. Ensuring a proper level of security, continuity and failure-free operation of such systems, in practice, seems not yet a solved problem. In this article we present proposals of a system allowing to detect different types of anomalies in network traffic for Smart Lighting critical infrastructure realized with the use of Power Line Communication technology. Furthermore, there is proposed and described the structure of the examined Smart Lighting Communications Network along with its particular elements. We discuss key security aspects which affect proper operation of advanced communication infrastructure, i.e. possibility of occurrence of abuse connected both to activity of external factors which could disturb transmission of steering signals, as well as active forms of attack aiming at influencing the informative content of the transmitted data. In the article, there is also presented an effective and quick anomaly detection method in the tested network traffic represented by suitable time series. At the initial stage of the method, the process of detection and elimination of potential outlying observations was realized by one-dimensional quartile criterion. Data prepared in this manner was used for learning recurrent neural networks, i.e. Long and Short-Term Memory types, in order to predict values of the analyzed time series. Further, tests were performed on relations between the forecasted network traffic and its real variability in order to detect abnormal behavior which could mean an attempt of an attack or abuse. Due to a possibility of occurrence of significant fluctuations in real network traffic of the tested Smart Lighting infrastructure, we propose a procedure of recurrent learning with the use of neural networks to obtain more accurate forecasting. The results achieved by means of the performed experiments confirmed effectiveness of the presented method and proper choice of the Long Short-Term Memory neural network for forecasting the analyzed time series.


Author(s):  
Peter Kromkowski ◽  
Shaoran Li ◽  
Wenxi Zhao ◽  
Brendan Abraham ◽  
Austin Osborne ◽  
...  

2015 ◽  
Vol 20 (1) ◽  
pp. 23-33 ◽  
Author(s):  
Tomasz Andrysiak ◽  
Łukasz Saganowski ◽  
Mirosław Maszewski ◽  
Piotr Grad

Abstract: Dynamic development of various systems providing safety and protection to network infrastructure from novel, unknown attacks is currently an intensively explored and developed domain. In the present article there is presented an attempt to redress the problem by variability estimation with the use of conditional variation. The predictions of this variability were based on the estimated conditional heteroscedastic statistical models ARCH, GARCH and FIGARCH. The method used for estimating the parameters of the exploited models was determined by calculating maximum likelihood function. With the use of compromise between conciseness of representation and the size of estimation error there has been selected a sparingly parameterized form of the models. In order to detect an attack/anomaly in the network traffic there were used differences between the actual network traffic and the estimated model of the traffic. The presented research confirmed efficacy of the described method and cogency of the choice of statistical models.


2021 ◽  
Vol 7 (4) ◽  
pp. 128-137
Author(s):  
I. Murenin

The article proposes an approach to finding anomalies in the traffic of IoT devices based on time series analysis and assessing normal and abnormal behavior using statistical methods. The main goal of the proposed approach is to combine statistical methods for detecting anomalies using unlabeled data and plotting key characteristics of device profiles. Within this approach the following techniques for traffic analysis have been developed and implemented: a technique for feature extraction, a normal behavior boundary building technique and an anomaly detection technique. To evaluate the proposed approach, we used a technique for generating event logs from devices with the generation of anomalous markup. The experiments showed that the GESD-test gives the best results for anomaly detection in IoT traffic.


2015 ◽  
Vol 20 (4) ◽  
pp. 31-40
Author(s):  
Tomasz Andrysiak ◽  
Łukasz Saganowski ◽  
Mirosław Maszewski ◽  
Piotr Grad

Abstract: A DDoS attack detection method based on modelling the variability with the use of conditional average and variance in examined time series is proposed in this article. Variability predictions of the analyzed network traffic are realized by estimated statistical models with long-memory dependence ARFIMA, Adaptive ARFIMA, FIGARCH and Adaptive FIGARCH. We propose simple parameter estimation models with the use of maximum likelihood function. Selection of sparingly parameterized form of the models is realized by means of information criteria representing a compromise between brevity of representation and the extent of the prediction error. In the described method we propose using statistical relations between the forecasted and analyzed network traffic in order to detect abnormal behavior possibly being a result of a network attack. Performed experiments confirmed effectiveness of the analyzed method and cogency of the statistical models.


2016 ◽  
Vol 136 (3) ◽  
pp. 363-372
Author(s):  
Takaaki Nakamura ◽  
Makoto Imamura ◽  
Masashi Tatedoko ◽  
Norio Hirai
