The article proposes a novel two-stage network traffic anomaly detection method for the railway transportation\ncritical infrastructure monitored using wireless sensor networks (WSN). The first step of the proposed solution is to\nfind and eliminate any outlying observations in the analyzed parameters of the WSN traffic using a simple and fast\none-dimensional quartile criterion. In the second step, the remaining data is used to estimate autoregressive fractional\nintegrated moving average (ARFIMA) statistical models describing variability of the tested WSN parameters. The paper\nalso introduces an effective method for the ARFIMA model parameters estimation and identification using Haslett and\nRaftery estimator and Hyndman and Khandakar technique. The choice of the ââ?¬Å?economicallyââ?¬Â parameterized form of the\nmodel was based on the compromise between the conciseness of representation and the estimation of the error size.\nTo detect anomalous behavior, i.e., a potential network attack, the proposed detection method uses statistical relations\nbetween the estimated traffic model and its actual variability. The obtained experimental results prove the effectiveness\nof the presented approach and aptness of selection of the statistical models.
Loading....