A distributed network traffic anomaly is abnormal traffic behavior that involves many links of a network and is caused by the same source (e.g., a DDoS attack or worm propagation). The anomaly transiting a single link may be unnoticeable and hard to detect, while the anomalous aggregate from many links can be prevalent and do more harm to the network. Exploiting the similar features that a distributed traffic anomaly shows on many links, this paper proposes a network-wide detection method that performs anomalous correlation analysis of the instantaneous parameters of traffic signals. In our method, the instantaneous parameters of the traffic signals are first computed, and their network-wide anomalous space is then extracted via traffic prediction. Finally, an anomaly is detected using a global correlation coefficient of the anomalous space. Our evaluation using Abilene traffic traces demonstrates the excellent performance of this approach for distributed traffic anomaly detection.