Enhancing network traffic prediction and anomaly detection via statistical network traffic separation and combination strategies

In this paper, we propose, study and analyze a new network traffic prediction methodology, based on the ‘frequency domain’ traffic analysis and filtering, with the objective of enhancing the network anomaly detection capabilities. Based on this approach, the traffic can be effectively separated into a baseline component, that includes most of the low frequency traffic and presents low burstiness, and the short-term traffic that includes the most dynamic part. The baseline traffic is a mean non-stationary periodic time series, and the Extended Resource-Allocating Network (ERAN) methodology is used for its accurate prediction. The short-term traffic is shown to be a time-dependent series, and the Autoregressive Moving Average (ARMA) model is proposed to be used for the accurate prediction of this component. Furthermore, it is demonstrated that the proposed enhanced traffic prediction strategy can be combined with the use of dynamic thresholds and adaptive anomaly violation conditions, in order to improve the network anomaly detection effectiveness.