ARIMA based network anomaly detection

Asrul H. Yaacob, Ian K. T. Tan, Su Fong Chien, Hon Khi Tan

Research output: Chapter in Book/Report/Conference proceedingConference contribution

128 Citations (Scopus)


An early warning system on potential attacks from networks will enable network administrators or even automated network management software to take preventive measures. This is needed as we move towards maximizing the utilization of the network with new paradigms such as Web Services and Software As A Service. This paper introduces a novel approach through using Auto-Regressive Integrated Moving Average (ARIMA) technique to detect potential attacks that may occur in the network. The solution is able to provide feedback through its predictive capabilities and hence provide an early warning system. With the affirmative results, this technique can serve beyond the detection of Denial of Service (DoS) and with sufficient development; an automated defensive solution can be achieved.

Original languageEnglish
Title of host publication2nd International Conference on Communication Software and Networks 2010
Number of pages5
ISBN (Electronic)9781424457274
Publication statusPublished - 25 Mar 2010
Event2nd International Conference on Communication Software and Networks 2010 - Singapore, Singapore
Duration: 26 Feb 201028 Feb 2010


Conference2nd International Conference on Communication Software and Networks 2010
Abbreviated titleICCSN 2010


  • Denial of service
  • Forecasting
  • Intrusion detection
  • Network security

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software


Dive into the research topics of 'ARIMA based network anomaly detection'. Together they form a unique fingerprint.

Cite this