Network Traffic Prediction and Anomaly Detection Based on ARFIMA Model

In this paper, we present network anomaly detection with the use of ARFIMA model. We propose the method of estimation parameters using the Hyndman-Khandakar algorithm to estimate the polymonials parameters and the Haslett and Raftery algorithm to estimate the differencing parameters. The choice of optimal values of the model parameters is performed on the basis of information criteria representing a compromise between the consistency model and the size of its error of estimate. In the presented method, we propose to use statistical relationships between predicted and original network traffic to determine if the examined trace is normal or attacked. The efficiency of our method is verified with the use of extended set of benchmark test real traces. The reported experimental results confirm the efficiency of the presented method.