Algorithm for applying short-term forecasting for detecting information security incidents through the network traffic analysis


Authors: Ishakov S. Yu., Ishakov A. Yu., Shelupanov A. A.

Abstract: This article extends the methodological apparatus for identifying information security incidents by applying visualization methods to data produced by short-term forecasting. It considers ways to improve the accuracy of network traffic behavior prediction by automating the determination of the range of acceptable values and by using mechanisms for varying confidence intervals. The authors present an algorithm for applying the Holt-Winters method to network traffic analysis, which makes it possible to identify atypical behavior of network infrastructures and to detect incidents in a timely manner. Data visualization is also considered as a means of improving incident management methods, since information on the security status of the telecommunications infrastructure can be used to detect the causes of incidents and to investigate them. Options are proposed for accelerating the adaptation of the resulting models to real network infrastructure objects by selecting the coefficients of influence of the components, which reduces the time interval and the amount of data needed before predicted values can begin to be formed. The laboratory bench is described and the results of the experiments are presented. The main advantages of the proposed approach and the identified technological limitations are formulated, which made it possible to define tasks for the next stages of the study, including experiments on applying rules that limit the depth of correlation in order to increase the stability and speed of searches over large volumes of processed data.

Keywords: algorithm, short-term forecasting, incident, network traffic, visualization

Viktor N. Maslennikov

Executive Secretary of the Editor’s Office

 Editor’s Office: 40 Lenina Prospect, Tomsk, 634050, Russia

  Phone / Fax: + 7 (3822) 51-21-21 / 51-43-02

  vnmas@tusur.ru
