Anomaly extraction in backbone networks using association rules
IEEE/ACM Transactions on Networking (TON)
Anomaly extraction is an important problem essential to several applications, ranging from root-cause analysis to attack mitigation and the testing of anomaly detectors. Anomaly extraction is preceded by an anomaly detection step, which detects anomalous events and may identify a large set of possibly associated event flows. The goal of anomaly extraction is to find and summarize the set of flows that are effectively caused by the anomalous event. In this work, we use meta-data provided by several histogram-based detectors to identify suspicious flows and then apply association rule mining to find and summarize the event flows. Using rich traffic data from a backbone network (SWITCH/AS559), we show that we can reduce the classification cost, in terms of items (flows or rules) that need to be classified, by several orders of magnitude. Further, we show that our techniques effectively isolate event flows in all analyzed cases and that, on average, they trigger between 2 and 8.5 false positives, which can be trivially sorted out by an administrator.
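The two-stage pipeline the abstract describes (histogram-based detectors emit meta-data naming the flagged histogram bins; flows matching those bins form the suspicious set; association rule mining then summarizes that set) can be walked through on constructed data. The following is an added example, not code from the paper or the SWITCH dataset. Its flow records, the benign baseline window and the TCP/22 probing event are all constructed inline; the histogram detector is a simplified per-bin deviation test standing in for the paper's distance-based detectors, the suspicious set is taken as the union of all detectors' meta-data, and the Apriori implementation with a relative minimum support is this example's own. The function and parameter names are assumptions.

```python
"""Anomaly extraction: histogram-detector meta-data + association rules.

Added example (not the paper's code). All traffic below is constructed.
"""
from collections import Counter
from itertools import combinations

FEATURES = ("src_ip", "dst_ip", "src_port", "dst_port", "proto")


def normal_window(n=100):
    """Constructed benign window: web, DNS, a little SSH and SMTP."""
    ports = [80, 80, 443, 443, 53, 80, 443, 22, 25, 53]
    flows = []
    for i in range(n):
        port = ports[i % 10]
        flows.append({
            "src_ip": f"192.168.1.{i % 10 + 1}",
            "dst_ip": f"203.0.113.{i % 5 + 1}",
            "src_port": 50000 + i,
            "dst_port": port,
            "proto": "udp" if port == 53 else "tcp",
        })
    return flows


def scan_flows(n=30):
    """Constructed anomalous event: one host probing TCP/22 on many hosts."""
    return [{"src_ip": "10.0.0.99", "dst_ip": f"10.1.0.{i + 1}",
             "src_port": 40000 + i, "dst_port": 22, "proto": "tcp"}
            for i in range(n)]


def histogram(flows, feature):
    return Counter(f[feature] for f in flows)


def detector_meta_data(current, baseline, feature, ratio=3.0, min_delta=10):
    """Simplified histogram detector for one feature.

    Returns the bins whose count in the current window exceeds `ratio`
    times the baseline count and grew by at least `min_delta` flows.
    (Assumption of this example; the paper's detectors use a distance test.)
    """
    cur, base = histogram(current, feature), histogram(baseline, feature)
    return {b for b, c in cur.items()
            if c > ratio * base.get(b, 0) and c - base.get(b, 0) >= min_delta}


def suspicious_flows(flows, meta_data):
    """Union of flows matching any flagged bin of any detector (assumption)."""
    return [f for f in flows
            if any(f[feat] in bins for feat, bins in meta_data.items())]


def apriori(transactions, min_support):
    """Return every frequent itemset (frozenset -> support count)."""
    counts = Counter(item for t in transactions for item in t)
    frequent = {frozenset([i]): c for i, c in counts.items() if c >= min_support}
    result, k = dict(frequent), 1
    while frequent:
        candidates = set()
        for a, b in combinations(list(frequent), 2):
            u = a | b
            # join step plus prune: every k-subset of a candidate must be frequent
            if len(u) == k + 1 and all(frozenset(s) in frequent
                                       for s in combinations(u, k)):
                candidates.add(u)
        counts = Counter(c for t in transactions for c in candidates if c <= t)
        frequent = {c: n for c, n in counts.items() if n >= min_support}
        result.update(frequent)
        k += 1
    return result


def maximal_itemsets(frequent):
    """Keep only itemsets not strictly contained in another frequent itemset."""
    return {s: n for s, n in frequent.items()
            if not any(s < other for other in frequent)}


def extract_anomaly(baseline, current, min_support_frac=0.2):
    """Detector meta-data -> suspicious flows -> summarizing rules."""
    meta = {feat: detector_meta_data(current, baseline, feat) for feat in FEATURES}
    meta = {feat: bins for feat, bins in meta.items() if bins}
    suspects = suspicious_flows(current, meta)
    transactions = [frozenset((feat, f[feat]) for feat in FEATURES) for f in suspects]
    min_support = max(1, int(min_support_frac * len(transactions)))
    rules = maximal_itemsets(apriori(transactions, min_support))
    return meta, suspects, rules


if __name__ == "__main__":
    base, cur = normal_window(), normal_window() + scan_flows()
    meta, suspects, rules = extract_anomaly(base, cur)
    print("detector meta-data:", meta)
    print(f"{len(suspects)} suspicious flows out of {len(cur)}")
    for items, support in sorted(rules.items(), key=lambda kv: -kv[1]):
        print(support, dict(items))
```

On this input the detectors flag the bins `src_ip=10.0.0.99` and `dst_port=22`, which narrows 130 flows to 40 suspicious ones, and mining yields two maximal rules: one covering the 30 probing flows and one covering the ten benign SSH flows between a single client and server. The second rule is the kind of false positive the abstract counts; an administrator recognizes it as regular traffic at a glance, which is why the cost is measured in rules to classify rather than in raw flows.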