Comparing Moving Averages with Choquet Integral to Detect Anomalies in Network Traffic

  • Denner Ayres FURG
  • Abreu Quevedo FURG
  • Giancarlo Lucca UCPel
  • Graçaliz Dimuro FURG
  • Bruno L. Dalmazo FURG

Abstract


Computer network infrastructure is essential for fast and reliable access to digital resources, making it indispensable for business and daily activities. With the evident increase in continuous data flow, networks are frequently targeted by attacks. This work compares moving average models for network traffic prediction and uses the model with the lowest error to detect anomalies, comparing its performance with a data aggregation function based on the Choquet integral. The results show that the moving average based on the Poisson distribution outperforms the aggregation function based on the Choquet integral with algebraic product.

Published
2024-09-16
AYRES, Denner; QUEVEDO, Abreu; LUCCA, Giancarlo; DIMURO, Graçaliz; DALMAZO, Bruno L. Comparing Moving Averages with Choquet Integral to Detect Anomalies in Network Traffic. In: WORKSHOP ON SCIENTIFIC INITIATION AND UNDERGRADUATE ONGOING WORKS - BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 24., 2024, São José dos Campos/SP. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 353-357. DOI: https://doi.org/10.5753/sbseg_estendido.2024.243381.
