Complex methods detect anomalies in real time based on time series analysis

Real time anomaly detection is important to performance and efficiency in many areas. This paper offers a complex method for detecting abnormal telecommunication traffic. The proposed method includes components based on entropy analysis, signature analysis and machine-learning detection of anomalies using fractal and recurrence analysis. Datasets containing realizations of normal traffic and realizations of attacks of different types were used as input data. Traffic containing the attack is considered to be abnormal. The multifractal and recurrence methods are briefly described. The results of multifractal and recurrence analysis of data-set traffic showed significant differences between normal and attacked realizations. Based on the obtained results, machine-learning algorithms are proposed. The classifiers random forest and neural network were used and showed good classification accuracy. The methods signature and entropy analysis are briefly described, and the results of their application showed a high degree of anomaly detection. The complex anomaly detection method combines entropy analysis, signature analysis, and machine-learning using the multifractal and recurrence analysis. The proposed complex method is tested on virtual network and is compared pervious methods. Simulation results showed that the proposed complex method has the highest percentage of detected attacks, the lowest percentage of undetected attacks and lost data.