Prediction Of Network Attack Frequency Based On Chaotic Time Series

Traditionally,intrusion prevention technology means establishing security defense system to prevent possible attacks through vulnerabilities patching,intrusion detection,firewall log detection,system log detection,and so on.These methods are often taking measures to make up for attacks which have already been occurred.It is too passive to effectively counterattack the corresponding attack.If we can predict future attacks with a lot of methods and measures,the effective prevention strategies would be developed in time and the loss would be reduced.At the same time we can also activate some countermeasures to stop attack before it happens.This thesis focuses on chaotic character discrimination and prediction of the time series of network attack frequency.It is aimed to discriminate characteristics of network attack frequency, and to use a new method to predict attack frequency,especially large-scale attack,accurately.The status quo of network attack frequency prediction was analyzed in the thesis firstly. Two restrictions of current research were indicated:Firstly,it is difficult to take an uninterrupted series of network attack frequency.Secondly,existing prediction methods can't perform the characteristic of network attack frequency well.Two methods,the C-C method and False Nearest Neighbor(FNN) method,were studied for selecting parameters of phase space reconstruction.A new method which named "the C-C Method based on False Nearest Neighbor" was proposed from the combination of C-C method and FNN,and it was applied to select the parameters.In this thesis,the Lyapunov exponent method and surrogate data method were researched and implemented to verify the chaos of network attack frequency series.Then the deficiency of traditional error statistics were analyzed from the particularity of network attack frequency series.Weighted Mean Absolute Percent Error(WMAPE),a new error statistic,was evolved from Mean Absolute Percent Error(MAPE).The results of test show that WMAPE is more appropriate than MAPE in predicting network attack frequency.Four typical methods of chaotic time series prediction were implemented,and they performed well in predicting actual network attack frequency.Zeroth-order Approximate method and RBF(Radial-Basis Function) Neural Network method were chosen as two most appropriate methods from the four,and the application condition of them were also analyzed.At last,statistic ARIMA model was used to predict actual network attack frequency.The experimental results show that the predicting methods of chaotic time series are more accurate than statistic methods.