This paper proposes a traffic anomaly detector, operated in postmortem and in real-time, that passively monitors the packet headers of traffic. Frequent attacks on network infrastructure, using various forms of denial of service, have led to an increased need for techniques for analyzing network traffic. If efficient analysis tools were available, it could become possible to detect attacks and anomalies and to take action to contain the attacks appropriately before they have had time to propagate across the network. In this paper, we suggest a technique for traffic anomaly detection based on analyzing the correlation of destination IP addresses in outgoing traffic at an egress router. These address correlation data are transformed using the discrete wavelet transform for effective detection of anomalies through statistical analysis. Results from trace-driven evaluation suggest that the proposed approach could provide an effective means of detecting anomalies close to the source. We also present a multidimensional indicator using the correlation of port numbers and the number of flows as a means of detecting anomalies.
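The pipeline the abstract outlines (destination-address correlation per sampling window, wavelet transform, statistical threshold) can be sketched as follows. This is an added example, not the paper's code: the cosine-similarity correlation measure, the one-level Haar transform, the 3-sigma rule with a sigma floor, and the sample traffic are all assumptions made for illustration.

```python
import math
from collections import Counter

def address_correlation(prev, cur):
    """Cosine similarity of per-destination packet counts in two windows (assumed measure)."""
    a, b = Counter(prev), Counter(cur)
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    norm = math.sqrt(sum(v * v for v in a.values()) * sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def haar_detail(series):
    """One-level Haar DWT detail coefficients; a trailing unpaired sample is dropped."""
    return [(series[i] - series[i + 1]) / math.sqrt(2) for i in range(0, len(series) - 1, 2)]

def detect(windows, baseline_pairs, k=3.0, sigma_floor=0.01):
    """Flag detail coefficients more than k sigma from the mean of a known-clean baseline."""
    corr = [address_correlation(windows[i - 1], windows[i]) for i in range(1, len(windows))]
    detail = haar_detail(corr)
    base = detail[:baseline_pairs]
    mean = sum(base) / len(base)
    # The floor keeps a very quiet baseline from turning noise into alerts.
    sigma = max(math.sqrt(sum((d - mean) ** 2 for d in base) / len(base)), sigma_floor)
    return corr, [i for i, d in enumerate(detail) if abs(d - mean) > k * sigma]

# Constructed sample: destination IPs seen at an egress router, one list per window.
def normal(i):
    return (["192.0.2.1"] * (40 + i % 3) + ["192.0.2.2"] * 30
            + ["198.51.100.7"] * (20 - i % 2) + ["198.51.100.8"] * 10)

def flood(i):
    # Usual traffic plus a large volume of packets to one previously unseen destination.
    return normal(i) + ["203.0.113.9"] * 2000

WINDOWS = [normal(i) for i in range(9)] + [flood(9), flood(10), normal(11)]

if __name__ == "__main__":
    corr, flagged = detect(WINDOWS, baseline_pairs=4)
    print("correlation series:", [round(c, 3) for c in corr])
    # Detail coefficient i covers windows 2i .. 2i+2.
    print("anomalous detail coefficients:", flagged)
```

The correlation stays high while the flood continues to the same destination, so the detail coefficient reacts to the onset of the change rather than to its duration.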