Abstract:
An approach to creating normal functioning profiles (NFP) of monitored objects is considered. NFP creation is one of the key steps in solving problems of network anomalies detection. Common issues of NFP creation and ways of overcoming these issues are considered. Iteration methods, Shiskin–Eisenpress method in particular, are proposed as a mathematical tool for NFP creation procedure. Described NFP creation method is verified on empirical network monitoring data and suggested suitable for network anomalies detection.
Keywords:network anomalies, intrusion detection, normal functioning profile, information security.