Back to Search Start Over

Hourly Network Anomaly Detection on HTTP Using Exponential Random Graph Models and Autoregressive Moving Average.

Authors :
Li, Richard
Tsikerdekis, Michail
Source :
Journal of Cybersecurity & Privacy; Sep2023, Vol. 3 Issue 3, p435-450, 16p
Publication Year :
2023

Abstract

Network anomaly detection solutions can analyze a network's data volume by protocol over time and can detect many kinds of cyberattacks such as exfiltration. We use exponential random graph models (ERGMs) in order to flatten hourly network topological characteristics into a time series, and Autoregressive Moving Average (ARMA) to analyze that time series and to detect potential attacks. In particular, we extend our previous method in not only demonstrating detection over hourly data but also through labeling of nodes and over the HTTP protocol. We demonstrate the effectiveness of our method using real-world data for creating exfiltration scenarios. We highlight how our method has the potential to provide a useful description of what is happening in the network structure and how this can assist cybersecurity analysts in making better decisions in conjunction with existing intrusion detection systems. Finally, we describe some strengths of our method, its accuracy based on the right selection of parameters, as well as its low computational requirements. [ABSTRACT FROM AUTHOR]

Details

Language :
English
ISSN :
2624800X
Volume :
3
Issue :
3
Database :
Complementary Index
Journal :
Journal of Cybersecurity & Privacy
Publication Type :
Academic Journal
Accession number :
172394324
Full Text :
https://doi.org/10.3390/jcp3030022