|
Title:
|
ANOMALY DETECTION USING HOLT-WINTERS FORECAST MODEL |
|
Author(s):
|
Alex Soares de Moura, Sidney Cunha de Lucena |
|
ISBN:
|
978-989-8533-01-2 |
|
Editors:
|
Bebo White, Pedro Isaías and Flávia Maria Santoro |
|
Year:
|
2011 |
|
Edition:
|
Single |
|
Keywords:
|
Anomaly detection, Holt-Winters forecast model, entropy, DoS attacks |
|
Type:
|
Full Paper |
|
First Page:
|
349 |
|
Last Page:
|
356 |
|
Language:
|
English |
|
Cover:
|
|
|
Full Contents:
|
click to dowload 
|
|
Paper Abstract:
|
Attacks against networks and its services are permanent concerns for Internet service providers and datacenters. Several methods for anomaly detection in high-speed links have been researched in the last years. This article evaluates a simple method based on the Holt-Winters forecast model to verify significant changes at the pattern of traffic parameters normally affected in the presence of anomalies. This work also proposes and evaluates the use of filters to increase the effectiveness of the method for the detection of specific types of attacks. Results confirm the usefulness of this proposal to detect malicious traffic related to a TCP SYN flood attack and to the propagation of the Slammer worm, both applied to real traffic samples from the Brazilian NREN. |
|
|
|
|
|
|
