Network anomaly detection for railway critical infrastructure based on autoregressive fractional integrated moving average

Tomasz Andrysiak , Łukasz Saganowski , Wojciech Mazurczyk


The article proposes a novel two-stage network traffic anomaly detection method for the railway transportation critical infrastructure monitored using wireless sensor networks (WSN). The first step of the proposed solution is to find and eliminate any outlying observations in the analyzed parameters of the WSN traffic using a simple and fast one-dimensional quartile criterion. In the second step, the remaining data is used to estimate autoregressive fractional integrated moving average (ARFIMA) statistical models describing variability of the tested WSN parameters. The paper also introduces an effective method for the ARFIMA model parameters estimation and identification using Haslett and Raftery estimator and Hyndman and Khandakar technique. The choice of the “economically” parameterized form of the model was based on the compromise between the conciseness of representation and the estimation of the error size. To detect anomalous behavior, i.e., a potential network attack, the proposed detection method uses statistical relations between the estimated traffic model and its actual variability. The obtained experimental results prove the effectiveness of the presented approach and aptness of selection of the statistical models.
Author Tomasz Andrysiak - [Uniwersytet Technologiczno-Przyrodniczy im. Jana i Jędrzeja Śniadeckich w Bydgoszczy (UTP)]
Tomasz Andrysiak,,
- Uniwersytet Technologiczno-Przyrodniczy im. Jana i Jędrzeja Śniadeckich w Bydgoszczy
, Łukasz Saganowski - [Uniwersytet Technologiczno-Przyrodniczy im. Jana i Jędrzeja Śniadeckich w Bydgoszczy (UTP)]
Łukasz Saganowski ,,
- Uniwersytet Technologiczno-Przyrodniczy im. Jana i Jędrzeja Śniadeckich w Bydgoszczy
, Wojciech Mazurczyk (FEIT / IT)
Wojciech Mazurczyk,,
- The Institute of Telecommunications
Journal seriesEURASIP Journal on Wireless Communications and Networking, ISSN 1687-1499
Issue year2016
Publication size in sheets0.65
Keywords in EnglishAnomaly detection, Statistical mode,l Network traffic prediction, Critical infrastructure, Transportation system management
ASJC Classification1705 Computer Networks and Communications; 1706 Computer Science Applications; 1711 Signal Processing
ProjectThe Develpment of Digital Communicatios. Project leader: Siuzdak Jerzy, , Phone: +48 22 234-7868, start date 27-04-2015, end date 31-12-2016, IT/2015/statut, Completed
WEiTI Działalność statutowa
Languageen angielski
LicenseJournal (articles only); author's original; Uznanie Autorstwa (CC-BY); after publication
2016 Mazurczyk Network anomaly.pdf 3.82 MB
Score (nominal)20
Score sourcejournalList
ScoreMinisterial score = 20.0, 18-09-2020, ArticleFromJournal
Ministerial score (2013-2016) = 20.0, 18-09-2020, ArticleFromJournal
Publication indicators WoS Citations = 1; Scopus Citations = 2; GS Citations = 3.0; Scopus SNIP (Source Normalised Impact per Paper): 2016 = 0.935; WoS Impact Factor: 2016 = 1.529 (2) - 2016=1.558 (5)
Citation count*3 (2020-09-10)
Share Share

Get link to the record

* presented citation count is obtained through Internet information analysis and it is close to the number calculated by the Publish or Perish system.
Are you sure?