Complex methods detect anomalies in real time based on time series analysis
References
A. Ayad, A. Zamani, A. Schmeink, G. Dartmann, Design and implementation of a hybrid anomaly detection system for IoT, Sixth International Conference on Internet of Things: Systems, Management and Security (IOTSMS), Granada, Spain, pp. 1–6, 2019. doi: 10.1109/IOTSMS48152.2019.8939206.
Pu, 2021, A hybrid unsupervised clustering-based anomaly detection method, Tsinghua Sci. Tech., 26, 146, 10.26599/TST.2019.9010051
M. Weber, F. Pistorius, E. Sax, J. Maas, B. Zimmer, A hybrid anomaly detection system for electronic control units featuring replicator neural networks, in: K. Arai, S. Kapoor, R. Bhatia (Eds.), Advances in Information and Communication Networks, FICC 2018, Advances in Intelligent Systems and Computing, vol. 887, Springer, Cham, pp. 43–62, 2019. doi: 10.1007/978-3-030-03405-4_4.
Ghanema, 2015, A hybrid approach for efficient anomaly detection using metaheuristic methods, J. Adv. Res., 6, 609, 10.1016/j.jare.2014.02.009
Niandong, 2020, Detection of probe flow anomalies using information entropy and random forest method, J. Intell. Fuzzy Syst., 39, 433, 10.3233/JIFS-191448
H.E. Sevil, Anomaly detection using parity space approach in team of UAVs with entropy based distributed behavior, AIAA Scitech 2020 Forum, 6–10 January 2020. doi: 10.2514/6.2020-1625.
Shukla, 2018, Entropy-based anomaly detection in a network, Wireless Pers. Commun., 99, 1487, 10.1007/s11277-018-5288-2
D. Yao, M. Yin, J. Luo, S. Zhang, Network anomaly detection using random forests and entropy of traffic features, in: Fourth International Conference on Multimedia Information Networking and Security, Nanjing, 2012, pp. 926–929. doi: 10.1109/MINES.2012.146.
Ali, 2019, Entropy-based feature selection classification approach for detecting phishing websites, 1
Zhang, 2017, A method for modulation recognition based on entropy features and random forest, 243
Geng, 2020, Evaluation of acute tonic cold pain from microwave transcranial transmission signals using multi-entropy machine learning approach, IEEE Access, 8, 2780, 10.1109/ACCESS.2019.2962515
H. Song, Z. Jiang, A. Men, B. Yang, A hybrid semi-supervised anomaly detection model for high-dimensional data, Computational Intelligence and Neuroscience (2017), Article ID 8501683, 9 pp. doi: 10.1155/2017/8501683.
Radivilova, 2020, The complex method of intrusion detection based on anomaly detection and misuse detection, 133
Monshizadeh, 2019, Performance evaluation of a combined anomaly detection platform, IEEE Access, 7, 100964, 10.1109/ACCESS.2019.2930832
Botana, 2020, Regression tree based explanation for anomaly detection algorithm, Proceedings, 54, 1, 10.3390/proceedings2020054007
Fernandes, 2019, A comprehensive survey on network anomaly detection, Telecommun. Syst., 70, 447, 10.1007/s11235-018-0475-8
Carvalho, 2018, An ecosystem for anomaly detection and mitigation in software-defined networking, Expert Syst. Appl., 104, 121, 10.1016/j.eswa.2018.03.027
Nawir, 2019, Effective and efficient network anomaly detection system using machine learning algorithm, Bull. Electrical Eng. Informat., 8, 46, 10.11591/eei.v8i1.1387
Fernández, 2018, UGR’16: a new dataset for the evaluation of cyclostationarity-based network IDSs, Comput. Sec., 73, 411, 10.1016/j.cose.2017.11.004
Alkasassbeh, 2016, Towards generating realistic SNMP-MIB dataset for network anomaly detection, Int. J. Comput. Sci. Informat. Sec. (IJCSIS), 14, 1162
Alkasassbeh, 2018, Using machine learning methods for detecting network anomalies within SNMP-MIB dataset, Int. J. Wireless Mobile Comput., 15, 67, 10.1504/IJWMC.2018.094644
UGR’16: A new dataset for the evaluation of cyclostationarity-based network IDSs. [Online]. G. Maciá-Fernández, 2017. Available at: https://nesg.ugr.es/nesg-ugr16.
Shelukhin, 2007, 183
Das, 2016, Impact of hurst parameter value in self-similarity behaviour of network traffic, Int. J. Res. Comput. Commun. Technol., 5, 631
Daradkeh, 2018, Development of QoS methods in the information networks with fractal traffic, Int. J. Electron. Telecommun., 64, 27
Q.3925: Traffic flow types for testing quality of service parameters on model networks [Online database]. ITU-T, 2012. Available at: https://www.itu.int/rec/T-REC-Q.3925-201203-I.
Popa, 2015, Using traffic self-similarity for network anomalies detection, 639
Kaur, 2017, Detection of TCP targeted high bandwidth attacks using self-similarity, J. King Saud Univ.—Comput. Informat. Sci.
Deka, 2016, Self-similarity based DDoS attack detection using Hurst parameter, Sec. Commun. Networks, 9, 4468, 10.1002/sec.1639
T. Radivilova, L. Kirichenko, D. Ageiev, V. Bulakh, Classification methods of machine learning to detect DDoS attacks, in: 10th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS), Metz, France, 2019, pp. 207–210. doi: 10.1109/IDAACS.2019.8924406.
Radivilova, 2019, Intrusion detection based on machine learning using fractal properties of traffic realizations, 218
Eckmann, 1987, Recurrence plots of dynamical systems, Europhys. Lett., 5, 973, 10.1209/0295-5075/4/9/004
Marwan, 2007, Recurrence plots for the analysis of complex systems, Phys. Rep., 438, 237, 10.1016/j.physrep.2006.11.001
L. Kirichenko, T. Radivilova, V. Bulakh, Classification of fractal time series using recurrence plots, in: International Scientific-Practical Conference Problems of Infocommunications. Science and Technology (PIC S&T), Kharkiv, Ukraine, 2018, pp. 719–724, doi: 10.1109/INFOCOMMST.2018.8632010.
Kirichenko, 2020, Binary classification of fractal time series by machine learning methods, 701
Kirichenko, 2019, Machine learning detection of DDoS attacks based on visualization of recurrence plots, CEUR Workshop Proceedings, 2588
Gu, 2005, Detecting anomalies in network traffic using maximum entropy estimation, 32
Radivilova, 2019, Entropy analysis method for attacks detection, IEEE International Scientific-Practical Conference Problems of Infocommunications, 443
A.S. Navaz, V. Sangeetha, C. Prabhadevi, Entropy based anomaly detection system to prevent DDoS attacks in cloud (2013) [online]. Available at: arXiv preprint arXiv:1308.6745.
Kirichenko, 2020, Generalized approach to analysis of multifractal properties from short time series, Int. J. Adv. Comput. Sci. Appl., 11, 183
Kirichenko, 2013, Mathematical simulation of self-similar network traffic with aimed parameters, Anale. Seria Informatică, 11, 17
Breiman, 2001, Random forests, Machine Learn., 45, 5, 10.1023/A:1010933404324
Bulakh, 2018, Classification of multifractal time series by decision tree methods, CEUR Workshop Proceedings, 2105, 457
I. Ivanisenko, L. Kirichenko, T. Radivilova, Investigation of multifractal properties of additive data stream, in: IEEE First International Conference on Data Stream Mining & Processing (DSMP), Lviv, Ukraine, 2016, pp. 305–308, doi: 10.1109/DSMP.2016.7583564.
I. Ivanisenko, L. Kirichenko, T. Radivilova, Investigation of self-similar properties of additive data traffic, in: Xth International Scientific and Technical Conference “Computer Sciences and Information Technologies” (CSIT), Lviv, Ukraine, 2015, pp. 169–171, doi: 10.1109/STC-CSIT.2015.7325459.
D.C. Ciresan, U. Meier, J. Masci, L.M. Gambardella, J. Schmidhuber, Flexible, high performance convolutional neural networks for image classification, in: Proceedings of Twenty-Second International Joint Conference on Artificial Intelligence, 2011, pp. 1237–1242.
V. Fung, An overview of ResNet and its variants. [Online] Towards Data Science, 2017. Available at: https://towardsdatascience.com/an-overview-of-resnet-and-its-variants-5281e2f56035.
S. Ioffe, C. Szegedy, Batch normalization: Accelerating deep network training by reducing internal covariate shift, in: Proceedings of the 32nd International Conference on Machine Learning, Lille, France, PMLR, vol. 37, 2015, pp. 448–456. https://arxiv.org/abs/1502.03167.
D.P. Kingma, J. Ba, Adam: A method for stochastic optimization, in: Proceedings of the 3rd International Conference on Learning Representations (ICLR), San Diego, USA, 2015. https://arxiv.org/abs/1412.6980.
Suricata: Open source IDS/IPS/NSM engine. [Online]. Suricata, 2021. Available at: https://suricata-ids.org.
