Techniques to Improve Stable Distribution Modeling of Network Traffic
McEachen, John C.
Scrofani, James W.
The stable distribution has been shown to more accurately model some aspects of network traffic than alternative distributions. In this work, we quantitatively examine aspects of the modeling performance of the stable distribution as envisioned in a statistical network cyber event detection system. We examine the flexibility and robustness of the stable distribution, extending previous work by comparing the performance of the stable distribution against alternatives using three different, public network traffic data sets with a mix of traffic rates and cyber events. After showing the stable distribution to be the overall most accurate for the examined scenarios, we use the Hellinger metric to investigate the ability of the stable distribution to reduce modeling error when using small data windows and counting periods. For the selected case and metric, the stable model is compared to a Gaussian model and is shown to produce the best overall fit as well as the best (or at worst, equivalent) fit for all counting periods. Additionally, the best stable fit occurs at a counting period that is five times shorter than the best Gaussian case. These results imply that the stable distribution can provide a more robust and accurate model than Gaussian-based alternatives in statistical network anomaly detection implementations while also facilitating faster system detection and response.
Rights: This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.