scholarly journals A DDoS Attacks Detection Based on Conditional Heteroscedastic Time Series Models

2015 ◽  
Vol 20 (1) ◽  
pp. 23-33 ◽  
Author(s):  
Tomasz Andrysiak ◽  
Łukasz Saganowski ◽  
Mirosław Maszewski ◽  
Piotr Grad
Keyword(s):  
Time Series ◽  
Maximum Likelihood ◽  
Present Article ◽  
Network Traffic ◽  
Statistical Models ◽  
Likelihood Function ◽  
Estimation Error ◽  
Time Series Models ◽  
Ddos Attacks ◽  
Network Infrastructure

Abstract Dynamic development of various systems providing safety and protection to network infrastructure from novel, unknown attacks is currently an intensively explored and developed domain. In the present article there is presented an attempt to redress the problem by variability estimation with the use of conditional variation. The predictions of this variability were based on the estimated conditional heteroscedastic statistical models ARCH, GARCH and FIGARCH. The method used for estimating the parameters of the exploited models was determined by calculating maximum likelihood function. With the use of compromise between conciseness of representation and the size of estimation error there has been selected as a sparingly parameterized form of models. In order to detect an attack-/anomaly in the network traffic there were used differences between the actual network traffic and the estimated model of the traffic. The presented research confirmed efficacy of the described method and cogency of the choice of statistical models.

scholarly journals Long-Memory Dependence Statistical Models for DDoS Attacks Detection

2015 ◽  
Vol 20 (4) ◽  
pp. 31-40
Author(s):  
Tomasz Andrysiak ◽  
Łukasz Saganowski ◽  
Mirosław Maszewski ◽  
Piotr Grad
Keyword(s):  
Network Traffic ◽  
Long Memory ◽  
Statistical Models ◽  
Likelihood Function ◽  
Information Criteria ◽  
Abnormal Behavior ◽  
Ddos Attacks ◽  
Network Attack ◽  
Function Selection ◽  
Selection Of

Abstract DDoS attacks detection method based on modelling the variability with the use of conditional average and variance in examined time series is proposed in this article. Variability predictions of the analyzed network traffic are realized by estimated statistical models with long-memory dependence ARFIMA, Adaptive ARFIMA, FIGARCH and Adaptive FIGARCH. We propose simple parameter estimation models with the use of maximum likelihood function. Selection of sparingly parameterized form of the models is realized by means of information criteria representing a compromise between brevity of representation and the extent of the prediction error. In the described method we propose using statistical relations between the forecasted and analyzed network traffic in order to detect abnormal behavior possibly being a result of a network attack. Performed experiments confirmed effectiveness of the analyzed method and cogency of the statistical models.

scholarly journals Anomaly Detection in Smart Metering Infrastructure with the Use of Time Series Analysis

2017 ◽  
Vol 2017 ◽  
pp. 1-15 ◽  
Author(s):  
Tomasz Andrysiak ◽  
Łukasz Saganowski ◽  
Piotr Kiedrowski
Keyword(s):  
Time Series ◽  
Anomaly Detection ◽  
Network Traffic ◽  
Statistical Models ◽  
Optimal Parameter ◽  
Forecast Error ◽  
Abnormal Behavior ◽  
Smart Metering ◽  
Use Of Time ◽  
Advanced Metering

The article presents solutions to anomaly detection in network traffic for critical smart metering infrastructure, realized with the use of radio sensory network. The structure of the examined smart meter network and the key security aspects which have influence on the correct performance of an advanced metering infrastructure (possibility of passive and active cyberattacks) are described. An effective and quick anomaly detection method is proposed. At its initial stage, Cook’s distance was used for detection and elimination of outlier observations. So prepared data was used to estimate standard statistical models based on exponential smoothing, that is, Brown’s, Holt’s, and Winters’ models. To estimate possible fluctuations in forecasts of the implemented models, properly parameterized Bollinger Bands was used. Next, statistical relations between the estimated traffic model and its real variability were examined to detect abnormal behavior, which could indicate a cyberattack attempt. An update procedure of standard models in case there were significant real network traffic fluctuations was also proposed. The choice of optimal parameter values of statistical models was realized as forecast error minimization. The results confirmed efficiency of the presented method and accuracy of choice of the proper statistical model for the analyzed time series.

scholarly journals Consequences of Model Misspecification for Maximum Likelihood Estimation with Missing Data

Econometrics ◽  
2019 ◽  
Vol 7 (3) ◽  
pp. 37 ◽  
Author(s):  
Golden ◽  
Henley ◽  
White ◽  
Kashner
Keyword(s):  
Missing Data ◽  
Maximum Likelihood ◽  
Data Model ◽  
Statistical Models ◽  
Incomplete Data ◽  
Likelihood Function ◽  
Model Misspecification ◽  
Complete Data ◽  
Regularity Conditions ◽  
Observable Data

Researchers are often faced with the challenge of developing statistical models with incomplete data. Exacerbating this situation is the possibility that either the researcher’s complete-data model or the model of the missing-data mechanism is misspecified. In this article, we create a formal theoretical framework for developing statistical models and detecting model misspecification in the presence of incomplete data where maximum likelihood estimates are obtained by maximizing the observable-data likelihood function when the missing-data mechanism is assumed ignorable. First, we provide sufficient regularity conditions on the researcher’s complete-data model to characterize the asymptotic behavior of maximum likelihood estimates in the simultaneous presence of both missing data and model misspecification. These results are then used to derive robust hypothesis testing methods for possibly misspecified models in the presence of Missing at Random (MAR) or Missing Not at Random (MNAR) missing data. Second, we introduce a method for the detection of model misspecification in missing data problems using recently developed Generalized Information Matrix Tests (GIMT). Third, we identify regularity conditions for the Missing Information Principle (MIP) to hold in the presence of model misspecification so as to provide useful computational covariance matrix estimation formulas. Fourth, we provide regularity conditions that ensure the observable-data expected negative log-likelihood function is convex in the presence of partially observable data when the amount of missingness is sufficiently small and the complete-data likelihood is convex. Fifth, we show that when the researcher has correctly specified a complete-data model with a convex negative likelihood function and an ignorable missing-data mechanism, then its strict local minimizer is the true parameter value for the complete-data model when the amount of missingness is sufficiently small. Our results thus provide new robust estimation, inference, and specification analysis methods for developing statistical models with incomplete data.

Sign in / Sign up

Export Citation Format

Share Document