{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,17]],"date-time":"2026-01-17T18:55:04Z","timestamp":1768676104875,"version":"3.49.0"},"reference-count":43,"publisher":"Oxford University Press (OUP)","issue":"4","license":[{"start":{"date-parts":[[2020,1,21]],"date-time":"2020-01-21T00:00:00Z","timestamp":1579564800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/academic.oup.com\/journals\/pages\/open_access\/funder_policies\/chorus\/standard_publication_model"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020,7,24]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>In herein article an attempt of problem solution connected with anomaly detection in network traffic with the use of statistic models with long or short memory dependence was presented. In order to select the proper type of a model, the parameter describing memory on the basis of the Geweke and Porter-Hudak test was estimated. Bearing in mind that the value of statistic model depends directly on quality of data used for its creation, at the initial stage of the suggested method, outliers were identified and then removed. For the implementation of this task, the criterion using the value of interquartile range was used. The data prepared in this manner were useful for automatic creation of statistic models classes, such as ARFIMA and Holt-Winters. The procedure of calculation of model parameters\u2019 optimal values was carried out as a compromise between the models coherence and the size of error estimation. Then, relations between the estimated network model and its actual parameters were used in order to detect anomalies in the network traffic. Considering the possibility of appearance of significant real traffic network fluctuations, procedure of updating statistic models was suggested. The results obtained in the course of performed experiments proved efficacy and efficiency of the presented solution.<\/jats:p>","DOI":"10.1093\/jigpal\/jzz059","type":"journal-article","created":{"date-parts":[[2019,10,12]],"date-time":"2019-10-12T19:27:27Z","timestamp":1570908447000},"page":"531-545","source":"Crossref","is-referenced-by-count":9,"title":["Time series forecasting with model selection applied to anomaly detection in network traffic"],"prefix":"10.1093","volume":"28","author":[{"given":"\u0141ukasz","family":"Saganowski","sequence":"first","affiliation":[{"name":"Institute of Telecommunications and Computer Science, Faculty of Telecommunications, Computer Science and Electrical Engineering, UTP University of Science and Technology, Al. S. Kaliskiego 7, 85-796 Bydgoszcz, Poland"}]},{"given":"Tomasz","family":"Andrysiak","sequence":"additional","affiliation":[{"name":"Institute of Telecommunications and Computer Science, Faculty of Telecommunications, Computer Science and Electrical Engineering, UTP University of Science and Technology, Al. S. Kaliskiego 7, 85-796 Bydgoszcz, Poland"}]}],"member":"286","published-online":{"date-parts":[[2020,1,21]]},"reference":[{"key":"2020080108271604100_ref1"},{"key":"2020080108271604100_ref2","year":"2017"},{"key":"2020080108271604100_ref3","doi-asserted-by":"crossref","first-page":"2191","DOI":"10.1109\/TSP.2003.814797","article-title":"Anomaly detection in IP networks","volume":"51","author":"Thottan","year":"2003","journal-title":"IEEE Transaction on Signal Processing, Special Issue of Signal Processing in Networking"},{"key":"2020080108271604100_ref4","doi-asserted-by":"crossref","first-page":"201","DOI":"10.1145\/1028788.1028813","article-title":"Characterization of network-wide anomalies in traffic flows","volume-title":"Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement","author":"Lakhina","year":"2004"},{"key":"2020080108271604100_ref5","first-page":"pp. 459","article-title":"Network anomaly detection system: the state of art of network behavior analysis. In Proceedings of the 2008 International Conference on Convergence and Hybrid Information","author":"Lim","year":"2008","journal-title":"Technology"},{"key":"2020080108271604100_ref6","first-page":"639","article-title":"Network traffic flow analysis. In Proceedings of the 2006 Canadian Conference on Electrical and","author":"De Montigny-Leboeuf","year":"2006","journal-title":"Computer Engineering"},{"key":"2020080108271604100_ref7","first-page":"1","article-title":"Traffic model based on time series to forecast traffic future values within a Wi-Fi data network. In Proceedings of the 4th International Conference on Wireless Communications, Networking and Mobile","author":"Suarez","year":"2008","journal-title":"Computing"},{"key":"2020080108271604100_ref8","doi-asserted-by":"crossref","first-page":"491","DOI":"10.1016\/j.jare.2014.02.006","article-title":"Cyber security challenges in smart cities: safety, security and privacy","volume":"5","author":"Elmaghraby","year":"2014","journal-title":"Journal of Advanced Research"},{"key":"2020080108271604100_ref9","first-page":"144","article-title":"Evaluating pattern recognition techniques in intrusion detection systems","author":"Esposito","year":"2005","journal-title":"In Proceedings of the 5th International Workshop on Pattern Recognition in Information Systems (PRIS05)"},{"key":"2020080108271604100_ref10","doi-asserted-by":"crossref","first-page":"3448","DOI":"10.1016\/j.comnet.2007.02.001","article-title":"An overview of anomaly detection techniques: existing solutions and latest technological trends","volume":"51","author":"Patcha","year":"2007","journal-title":"Computer Networks"},{"key":"2020080108271604100_ref11","doi-asserted-by":"crossref","first-page":"8","DOI":"10.1109\/MITP.2013.7","article-title":"An overview of anomaly detection","volume":"15","author":"Sample","year":"2013","journal-title":"IT Professional"},{"key":"2020080108271604100_ref12","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/1541880.1541882","article-title":"Anomaly detection: a survey","volume":"41","author":"Chondola","year":"2009","journal-title":"ACM Computing Surveys"},{"key":"2020080108271604100_ref13","first-page":"71","article-title":"A signal analysis of network traffic anomalies. In Proceedings of the 2nd ACM SIGCOMM Workshop on Internet Measurement","author":"Barford","year":"2002","journal-title":"ACM"},{"key":"2020080108271604100_ref14","doi-asserted-by":"crossref","first-page":"459","DOI":"10.1016\/j.cose.2006.05.003","article-title":"RT-UNNID: a practical solution to real-time network-based intrusion detection using unsupervised neural networks","volume":"25","author":"Amini","year":"2006","journal-title":"Computers & Security"},{"key":"2020080108271604100_ref15","first-page":"1","article-title":"Network anomaly detection based on wavelet analysis","volume":"2009","author":"Wei","year":"2009","journal-title":"EURASIP Journal on Advances in Signal Processing"},{"key":"2020080108271604100_ref16","first-page":"5","volume-title":"ADAM: detecting intrusions by data mining. In Proceedings of the 2001 IEEE Workshop on Information Assurance and Security, T1A3 1100 United States Military Academy","author":"Barbara","year":"2001"},{"key":"2020080108271604100_ref17","doi-asserted-by":"crossref","first-page":"23","DOI":"10.1515\/ipc-2015-0027","article-title":"A DDoS attacks detection based on conditional heteroscedastic time series models","volume":"20","author":"Andrysiak","year":"2015","journal-title":"Image Processing & Comunication"},{"key":"2020080108271604100_ref18","first-page":"545","article-title":"Network traffic prediction and anomaly detection based on ARFIMA model. In Proceedings of the International Joint Conference SOCO\u201914-CISIS\u201914-ICEUTE\u201914 Advances in Intelligent Systems and","volume":"299","author":"Andrysiak","year":"2014","journal-title":"Computing"},{"key":"2020080108271604100_ref19","first-page":"pp. 205","article-title":"Arima based network anomaly detection. In Proceedings of the 2nd International Conference on Communication Software and Networks","author":"Yaacob","year":"2010"},{"key":"2020080108271604100_ref20","doi-asserted-by":"crossref","first-page":"255","DOI":"10.1007\/978-3-319-10662-5_31","article-title":"Network anomaly detection based on ARFIMA model. In Proceedings of the Image Processing & Communications","volume":"313","author":"Andrysiak","year":"2014","journal-title":"Advances in Intelligent Systems and Computing"},{"key":"2020080108271604100_ref21","doi-asserted-by":"crossref","first-page":"pp. 3414","DOI":"10.1109\/IGARSS.2016.7729882","article-title":"Improving time series anomaly detection based on exponentially weighted moving average (EWMA) of season-trend model residuals","author":"Zhou","year":"2016","journal-title":"In Proceedings of the 2016 IEEE International Geoscience and Remote Sensing Symposium (IGARSS)"},{"key":"2020080108271604100_ref22","article-title":"Applied adaptive statistical methods: tests of significance and confidence intervals. ASA-SIAM Series on Statistics and","author":"O\u2019Gorman","year":"2004","journal-title":"Applied Mathematics"},{"key":"2020080108271604100_ref23"},{"key":"2020080108271604100_ref24","volume-title":"Theory and Methods","author":"Brockwell","year":"1991"},{"key":"2020080108271604100_ref25","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1111\/j.1467-9892.1980.tb00297.x","article-title":"An introduction to long-memory time series models and fractional differencing","volume":"1","author":"Granger","year":"1980","journal-title":"Journal of Time Series Analysis"},{"key":"2020080108271604100_ref26","doi-asserted-by":"crossref","first-page":"165","DOI":"10.1093\/biomet\/68.1.165","article-title":"Fractional differencing","volume":"68","author":"Hosking","year":"1981","journal-title":"Biometrika"},{"key":"2020080108271604100_ref27","doi-asserted-by":"crossref","first-page":"221","DOI":"10.1111\/j.1467-9892.1983.tb00371.x","article-title":"The estimation and application of long memory time series models","volume":"4","author":"Geweke","year":"1983","journal-title":"Journal of Time Series Analysis"},{"key":"2020080108271604100_ref28","author":"Doan"},{"key":"2020080108271604100_ref29","doi-asserted-by":"crossref","first-page":"107","DOI":"10.1002\/(SICI)1099-131X(199603)15:2<107::AID-FOR612>3.0.CO;2-D","article-title":"Model selection and forecasting for long-range dependent processes","volume":"15","author":"Crato","year":"1996","journal-title":"Journal of Forecasting"},{"key":"2020080108271604100_ref30","doi-asserted-by":"crossref","DOI":"10.1007\/b97391","volume-title":"Introduction to Time Series and Forecasting","author":"Brockwell","year":"2002"},{"key":"2020080108271604100_ref31","doi-asserted-by":"crossref","first-page":"637","DOI":"10.1016\/j.ijforecast.2006.03.005","article-title":"Exponential smoothing: the state of the art\u2014Part II","volume":"22","author":"Gardner","year":"2006","journal-title":"International Journal of Forecasting"},{"key":"2020080108271604100_ref32","volume-title":"Forecasting seasonals and trends by exponentially weighted moving averages, ONR Memorandum (vol. 52)","author":"Holt","year":"1957"},{"key":"2020080108271604100_ref33","doi-asserted-by":"crossref","first-page":"324","DOI":"10.1287\/mnsc.6.3.324","article-title":"Forecasting sales by exponentially weighted moving averages","volume":"6","author":"Winters","year":"1960","journal-title":"Management Science"},{"key":"2020080108271604100_ref34","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1002\/for.3980040103","article-title":"Exponential smoothing: the state of the art","volume":"4","author":"Gardner","year":"1985","journal-title":"Journal of Forecasting"},{"key":"2020080108271604100_ref35","doi-asserted-by":"crossref","first-page":"199","DOI":"10.1016\/0169-2070(90)90005-V","article-title":"Parameter space of the Holt-Winters\u2019 model","volume":"6","author":"Archibald","year":"1990","journal-title":"International Journal of Forecasting"},{"key":"2020080108271604100_ref36","doi-asserted-by":"crossref","first-page":"1","DOI":"10.18637\/jss.v027.i03","article-title":"Automatic time series forecasting: the forecast package for R","volume":"27","author":"Hyndman","year":"2008","journal-title":"Journal of Statistical Software"},{"key":"2020080108271604100_ref37","doi-asserted-by":"crossref","first-page":"439","DOI":"10.1016\/S0169-2070(01)00110-8","article-title":"A state space framework for automatic forecasting using exponential smoothing methods","volume":"18","author":"Hyndman","year":"2002","journal-title":"International Journal of Forecasting"},{"key":"2020080108271604100_ref38","volume-title":"Exploratory Data Analysis","author":"Tukey","year":"1977"},{"key":"2020080108271604100_ref39"},{"key":"2020080108271604100_ref40","author":"Linux"},{"key":"2020080108271604100_ref41","doi-asserted-by":"crossref","first-page":"653232","DOI":"10.1155\/2015\/653232","article-title":"Lightweight anomaly detection for wireless sensor networks","author":"Cheng","year":"2015","journal-title":"International Journal of Distributed Sensor Networks"},{"key":"2020080108271604100_ref42","doi-asserted-by":"crossref","first-page":"1302","DOI":"10.1016\/j.jnca.2011.03.004","article-title":"Anomaly detection in wireless sensor networks: a survey","volume":"34","author":"Xie","year":"2011","journal-title":"Journal of Network and Computer Applications"},{"key":"2020080108271604100_ref43","doi-asserted-by":"crossref","first-page":"868","DOI":"10.3390\/s16060868","article-title":"A comparative study of anomaly detection techniques for smart city wireless sensor networks","volume":"16","author":"Garcia-Font","year":"2016","journal-title":"Sensors"}],"container-title":["Logic Journal of the IGPL"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/academic.oup.com\/jigpal\/article-pdf\/28\/4\/531\/33554862\/jzz059.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"http:\/\/academic.oup.com\/jigpal\/article-pdf\/28\/4\/531\/33554862\/jzz059.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,8,1]],"date-time":"2020-08-01T12:28:12Z","timestamp":1596284892000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/jigpal\/article\/28\/4\/531\/5709639"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,1,21]]},"references-count":43,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2020,1,21]]},"published-print":{"date-parts":[[2020,7,24]]}},"URL":"https:\/\/doi.org\/10.1093\/jigpal\/jzz059","relation":{},"ISSN":["1367-0751","1368-9894"],"issn-type":[{"value":"1367-0751","type":"print"},{"value":"1368-9894","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2020,8]]},"published":{"date-parts":[[2020,1,21]]}}}