Hourly Network Anomaly Detection on HTTP Using Exponential Random Graph Models and Autoregressive Moving Average

Richard Li; Michail Tsikerdekis

doi:10.3390/jcp3030022

Journal of Cybersecurity and Privacy (Aug 2023)

Hourly Network Anomaly Detection on HTTP Using Exponential Random Graph Models and Autoregressive Moving Average

Richard Li,
Michail Tsikerdekis

Affiliations

Richard Li: Computer Science Department, Western Washington University, Bellingham, WA 98225, USA
Michail Tsikerdekis: Computer Science Department, Western Washington University, Bellingham, WA 98225, USA

DOI: https://doi.org/10.3390/jcp3030022
Journal volume & issue: Vol. 3, no. 3
pp. 435 – 450

Abstract

Read online

Network anomaly detection solutions can analyze a network’s data volume by protocol over time and can detect many kinds of cyberattacks such as exfiltration. We use exponential random graph models (ERGMs) in order to flatten hourly network topological characteristics into a time series, and Autoregressive Moving Average (ARMA) to analyze that time series and to detect potential attacks. In particular, we extend our previous method in not only demonstrating detection over hourly data but also through labeling of nodes and over the HTTP protocol. We demonstrate the effectiveness of our method using real-world data for creating exfiltration scenarios. We highlight how our method has the potential to provide a useful description of what is happening in the network structure and how this can assist cybersecurity analysts in making better decisions in conjunction with existing intrusion detection systems. Finally, we describe some strengths of our method, its accuracy based on the right selection of parameters, as well as its low computational requirements.

Published in Journal of Cybersecurity and Privacy

ISSN: 2624-800X (Online)
Publisher: MDPI AG
Country of publisher: Switzerland
LCC subjects: Technology: Technology (General)
Website: https://www.mdpi.com/journal/jcp

About the journal

Abstract

Keywords