Techniques to Improve Stable Distribution Modeling of Network Traffic

File: paper0691.pdf (477.99 kB, Adobe PDF)

Item Summary

Bollmann, Chad; Tummala, Murali; McEachen, John; Scrofani, Jim; Kragh, Mark
2017-12-28T02:17:54Z
2017-12-28T02:17:54Z
2018-01-03
dc.identifier.isbn 978-0-9981331-1-9
dc.description.abstract The stable distribution has been shown to more accurately model some aspects of network traffic than alternative distributions. In this work, we quantitatively examine aspects of the modeling performance of the stable distribution as envisioned in a statistical network cyber event detection system. We examine the flexibility and robustness of the stable distribution, extending previous work by comparing the performance of the stable distribution against alternatives using three different, public network traffic data sets with a mix of traffic rates and cyber events. After showing the stable distribution to be the overall most accurate for the examined scenarios, we use the Hellinger metric to investigate the ability of the stable distribution to reduce modeling error when using small data windows and counting periods. For the selected case and metric, the stable model is compared to a Gaussian model and is shown to produce the best overall fit as well as the best (or at worst, equivalent) fit for all counting periods. Additionally, the best stable fit occurs at a counting period that is five times shorter than the best Gaussian case. These results imply that the stable distribution can provide a more robust and accurate model than Gaussian-based alternatives in statistical network anomaly detection implementations while also facilitating faster system detection and response.
dc.format.extent 8 pages
dc.language.iso eng
dc.relation.ispartof Proceedings of the 51st Hawaii International Conference on System Sciences
dc.rights Attribution-NonCommercial-NoDerivatives 4.0 International
dc.subject Cyber Threat Intelligence and Analytics
dc.subject alpha stable, network anomaly detection, optimal window size, traffic analysis
dc.title Techniques to Improve Stable Distribution Modeling of Network Traffic
dc.type Conference Paper
dc.type.dcmi Text
dc.identifier.doi 10.24251/HICSS.2018.689
Appears in Collections: Cyber Threat Intelligence and Analytics

This item is licensed under a Creative Commons License.