A signal analysis of network traffic anomalies
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Sketch-based change detection: methods, evaluation, and applications
Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
Diagnosing network-wide traffic anomalies
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Mining anomalies using traffic feature distributions
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Sensitivity of PCA for traffic anomaly detection
Proceedings of the 2007 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Traffic data repository at the WIDE project
ATEC '00 Proceedings of the annual conference on USENIX Annual Technical Conference
Proceedings of the 2007 workshop on Large scale attack defense
An image processing approach to traffic anomaly detection
Proceedings of the 4th Asian Conference on Internet Engineering
Wavelet analysis of long-range-dependent traffic
IEEE Transactions on Information Theory
| Hi-index | 0.00 |
In this paper, we study the application of PCA to the IP network anomaly detection. The algorithm is based on detecting changes in traffic feature distribution aggregated by sample entropy. This method of detection has originally been proposed to detect anomalous traffic on origin-destination flows in backbone networks. We have adjusted the algorithm so that it works with network traffic captured from a single network interface. This makes the algorithm possible to be implemented in any IP networks. The experimental result shows that our implementation can detect some types of known anomaly. As the algorithm is also able to detect unknown types of anomaly, it is also possible to be implemented as preliminary detection system.