Table of Contents Author Guidelines Submit a Manuscript
Journal of Computer Networks and Communications
Volume 2012, Article ID 192913, 5 pages
Research Article

Usage of Modified Holt-Winters Method in the Anomaly Detection of Network Traffic: Case Studies

1Computer Engineering Department, Technical University of Lodz, 18/22 Stefanowskiego Street, 90-924 Lodz, Poland
2Corporate IT Security Agency, Orange Labs Poland, 7 Obrzezna Street, 02-691 Warsaw, Poland
3Department of Management, Technical University of Lodz, 266 Piotrkowska Street, 90-924 Lodz, Poland

Received 25 November 2011; Revised 15 March 2012; Accepted 29 March 2012

Academic Editor: Yueh M. Huang

Copyright © 2012 Maciej Szmit and Anna Szmit. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. A. Fadia and M. Zacharia, “Network intrusion alert. An ethical hacking guide to intrusion detection,” in Proceedings of the Thomson Source Technology, Boston, Mass, USA, 2008.
  2. S. Sooyeon, K. Taekyoung, J. Gil-Yong, P. Youngman, and H. Rhy, “An experimental study of hierarchical intrusion detection for wireless industrial sensor networks,” IEEE Transactions on Industrial Informatics, vol. 6, no. 4, pp. 744–757, 2010. View at Publisher · View at Google Scholar · View at Scopus
  3. E. A. Patkowski, “Mechanizmy wykrywania anomalii jako element bezpieczeństwa,” Biuletyn Instytutu Automatyki i Robotyki nr 26/2009, Wydawnictwo Wojskowej Akademii Technicznej, Warsaw, Poland, 2009.
  4. F. Palmieri and U. Fiore, “Network anomaly detection through nonlinear analysis,” Computers and Security, vol. 29, no. 7, pp. 737–755, 2010. View at Publisher · View at Google Scholar · View at Scopus
  5. J. Pieprzyk, T. Hardjono, and J. Seberry, Teoria Bezpieczeństwa Systemów Komputerowych, Helion, 2005.
  6. M. Szmit and A. Szmit, “Use of holt-winters method in the analysis of network traffic: case study,” Communications in Computer and Information Science, vol. 160, pp. 224–231, 2011. View at Publisher · View at Google Scholar · View at Scopus
  7. L. Fillatre, D. Marakov, and S. Vaton, “Forecasting seasonal traffic flows,” in Proceedings of the Workshop on QoS and Traffic Control, Paris, France, December 2005.
  8. I. Klevecka, “Forecasting network traffic: a comparison of neural networks and linear models,” in Proceedings of the 9th International Conference “Reliability and Statistics in Transportation and Communication” (RelStat '09), Riga, Latvia, October 2009.
  9. P. Goodwin, “The holt-winters approach to exponential smoothing: 50 years old and going strong,” in Proceedings of the FORESIGHT Fall, pp. 30–34, 2010,
  10. B. Guzik, D. Appenzeller, and W. Jurek, Prognozowanie i Symulacje. Wybrane Zagadnienia, Wydawnictwo AE w Poznaniu, Poznań, Poland, 2004.
  11. E. S. Gardner, “Exponential smoothing: the state of the art-Part II,” International Journal of Forecasting, vol. 22, no. 4, pp. 637–666, 2006. View at Publisher · View at Google Scholar · View at Scopus
  12. J. Gajda, Prognozowanie i Symulacja a Decyzje Gospodarcze, C. H. Beck, Warsaw, Poland, 2001.
  13. A. Zeliaś, B. Pawełek, S. Wanat et al., Prognozowanie Ekonomiczne. Teoria, Przykłady, Zadania, Wydawnictwo Naukowe PWN, Warszawa, Poland, 2004.
  14. M. Cieślak, Ed., Prognozowanie Gospodarcze, Wydawnictwo AE Wrocław, 1998.
  15. P. J. Brockwell and R. A. Davis, Introduction to Time Series and Forecasting, Springer, New York, NY, USA, 2nd edition, 2002.
  16. R. J. Hyndman, A. B. Koehler, J. K. Ord, and R. D. Snyder, Forecasting with Exponential Smoothing: The State Space Approach, Springer, Berlin, Germany, 2008.
  17. J. D. Brutlag, “Aberrant behavior detection in time series for network monitoring,” in Proceedings of the 14th System Administration Conference, pp. 139–146, New Orleans, Fla, USA, 2000.
  18. E. Miller, “Holt-Winters Forecasting Applied to Poisson Processes in Real-Time,” August, 2010,
  19. J. W. Taylor, “Short-term electricity demand forecasting using double seasonal exponential smoothing,” Journal of Operational Research Society, vol. 54, pp. 799–805, 2003. View at Google Scholar
  20. J. W. Taylor, “Triple seasonal methods for short-term electricity demand forecasting,” European Journal of Operational Research, vol. 204, pp. 139–152, 2010. View at Google Scholar
  21. S. Gelper, R. Fried, and C. Croux, “Robust forecasting with exponential and holt-winters smoothing,” Journal of Forecasting, vol. 29, no. 3, pp. 285–300, 2010. View at Publisher · View at Google Scholar · View at Scopus
  22. R. Lawton, “On the Stability of the Double Seasonal Holt-Winters Method,”
  23. G. Nychis, V. Sekar, D. G. Andersen, H. Kim, and H. Zhang, “An empirical evaluation of entropy-based traffic anomaly detection,” in Proceedings of the Association for Computing Machinery (ACM '08), 2008.
  24. Y. Gu, A. McCallum, and D. Towsley, “Detecting anomalies in network traffic using maximum entropy estimation,” in Proceedings of the IMC Conference,
  25. SPADE 092200,
  26. T. J. Kruk and J. Wrzesień, “Korelacja w wykrywaniu anomalii,” in Proceedings of the Materiały Konferencji CERT Secure, Warsaw, Poland, 2003.
  27. H. Ringberg, A. Soule, J. Rexford, and C. Diot, “Sensitivity of PCA for Traffic Anomaly Detection,” San Diego, Calif, USA, 2007,
  28. A. Lakhina, M. Cronvella, and C. Diot, “Diagnosis network-wide traffic anomalies,” in Proceedings of the ACC SIGCOMM, February 2004,
  29. V. A. Siris and F. Papaglou, “Application of anomaly detection algorithms for detecting syn floodinfg attacks,” in Proceedings of the IEEE Global Telecommunications Conference, vol. 4, pp. 2050–2054, 2004.
  30. R. Mbabazi, Victim-based defense against ip packet flooding denial of service attacks, M.S. thesis, Makerere University, 2009.
  31. R. Blazek, H. Kim, B. Rozovskii, and A. Tartakovsky, “A novel approach to detection of “Denial-of-Service” attacks via adaptive sequential and batch-sequential change-point detection methods,” in Proceedings of the IEEE Systems, Man, and Cybernetics Information Assurance Workshop (West Point '01), June 2001.
  32. O. Siriporn and S. Benjawan, “Anomaly detection and characterization to classify traffic anomalies case study: TOT public company limited network,” Proceedings of World Academy of Science, Engineering and Technology, vol. 37, pp. 706–714, 2009. View at Google Scholar · View at Scopus
  33. A. Sharma, A. K. Pujari, and K. K. Paliwal, “Intrusion detection using text processing techniques with a kernel based similarity measure,” Computers and Security, vol. 26, no. 7-8, pp. 488–495, 2007. View at Publisher · View at Google Scholar · View at Scopus
  34. S. O. Al-Mamory and H. Zhang, “New data mining technique to enhance IDS alarms quality,” Journal in Computer Virology, vol. 6, no. 1, pp. 43–55, 2010. View at Publisher · View at Google Scholar · View at Scopus
  35. D. Tian, Y. Liu, and Y. Xiang, “Large-scale network intrusion detection based on distributed learning algorithm,” International Journal of Information Security, vol. 8, no. 1, pp. 25–35, 2009. View at Publisher · View at Google Scholar · View at Scopus
  36. Snort+AI,
  37. R. Cichocki, “Algorytmy indukcji reguł decyzyjnych w Systemach Wykrywania Intruzów,” in Proceedings of the XII Konferencja Sieci Komputerowe, Zakopane, Poland, 2005.
  38. D. Dasgupta, “Immunity-based intrusion detection system: a general framework,” in Proceedings of the 22nd National Information Systems Security Conference (NISSC '99), 1999.
  39. W. Li, “Using genetic algorithm for network intrusion detection,” in Proceedings of the United States Department of Energy Cyber Security Group 2004 Training Conference, Kansas City, Mo, USA, 2004.
  40. J. Luo, S. Bridges, and R. Vaughn, “Fuzzy frequent episodes for real time intrusion detection,” International Journal of Intelligent Systems, vol. 15, no. 8, pp. 687–704, 2000. View at Google Scholar
  41. S. Bridges and R. Vaughn, “Fuzzy data mining and genetic algorithms applied to intrusion detection,” in Proceedings of the National Information Systems Security Conference (NISSC '00), Baltimore, Md, USA, October 2000.
  42. M. Szmit, Využití nula-jedničkových modelů pro behaviorální analýzu sít’ového provozu, [w:] Internet, competitiveness and organizational security, Tomas Bata University Zlín, pp. 266–299, 2011.