EWMA Statistics and Fuzzy Logic in Function of Network Anomaly Detection
Abstract
Anomaly detection is used to monitor and capture traffic anomalies in network systems. Many anomalies manifest in changes in the intensity of network events. Because of the ability of EWMA control chart to monitor the rate of occurrences of events based on their intensity, this statistic is appropriate for implementation in control limits based algorithms. The performance of standard EWMA algorithm can be made more effective combining the logic of adaptive threshold algorithm and adequate application of fuzzy theory. This paper analyzes the theoretical possibility of applying EWMA statistics and fuzzy logic to detect network anomalies. Different aspects of fuzzy rules are discussed as well as different membership functions, trying to find the most adequate choice. It is shown that the introduction of fuzzy logic in standard EWMA algorithm for anomaly detection opens the possibility of previous warning from a network attack. Besides, fuzzy logic enables precise determination of degree of the risk.
Keywords:
network anomaly detection / EWMA / fuzzy rules / membership functions / operators
Source:
Facta Universitatis. Series: Mechanical Engineering (Online), 2019, 32, 2, 249-265
Publisher:
- Niš: Faculty of Electronic Engineering, University of Niš
Institution/Community:
Jakov
URL:
http://jakov.kpu.edu.rs/handle/123456789/1525
Čisar, P., & Maravić Čisar, S. (2019). EWMA Statistics and Fuzzy Logic in Function of Network Anomaly Detection. Facta Universitatis. Series: Mechanical Engineering (Online), 32(2), 249-265. Niš: Faculty of Electronic Engineering, University of Niš. https://doi.org/10.2298/FUEE1902249C