Two-dimensional signal and image processing
Two-dimensional signal and image processing
Digital processing of random signals: theory and methods
Digital processing of random signals: theory and methods
Data networks as cascades: investigating the multifractal nature of Internet WAN traffic
Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication
An Aggregation Technique for Traffic Monitoring
SAINT-W '02 Proceedings of the 2002 Symposium on Applications and the Internet (SAINT) Workshops
On Effectiveness of Link Padding for Statistical Traffic Analysis Attacks
ICDCS '03 Proceedings of the 23rd International Conference on Distributed Computing Systems
Characteristics of internet background radiation
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
FlowScan: A Network Traffic Flow Reporting and Visualization Tool
LISA '00 Proceedings of the 14th USENIX conference on System administration
Worm evolution tracking via timing analysis
Proceedings of the 2005 ACM workshop on Rapid malcode
Entropy Based Worm and Anomaly Detection in Fast IP Networks
WETICE '05 Proceedings of the 14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise
Visual Correlation of Network Alerts
IEEE Computer Graphics and Applications
Pattern Recognition, Third Edition
Pattern Recognition, Third Edition
Data and Computer Communications and Computer Networking with internet Protocols and Technology: Opnet Lab Manual to Accompany the seventh edition and fourth edition
Network intrusion detection in covariance feature space
Pattern Recognition
Detecting anomalies in network traffic using maximum entropy estimation
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Unsupervised Anomaly Detection in Network Traffic by Means of Robust PCA
ICCGI '07 Proceedings of the International Multi-Conference on Computing in the Global Information Technology
IEEE Transactions on Knowledge and Data Engineering
Detecting covert timing channels: an entropy-based approach
Proceedings of the 14th ACM conference on Computer and communications security
Wide-scale botnet detection and characterization
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
Statistical techniques for detecting traffic anomalies through packet header data
IEEE/ACM Transactions on Networking (TON)
Network anomaly detection and classification via opportunistic sampling
IEEE Network: The Magazine of Global Internetworking - Special issue title on recent developments in network intrusion detection
Anomaly detection in IP networks
IEEE Transactions on Signal Processing
Multiresolution FIR neural-network-based learning algorithm applied to network traffic prediction
IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews
Statistical analysis of network traffic for adaptive faults detection
IEEE Transactions on Neural Networks
ADMA'10 Proceedings of the 6th international conference on Advanced data mining and applications - Volume Part II
Non-invasive detection and classification of skin cancer from visual and cross-sectional images
Proceedings of the 4th International Symposium on Applied Sciences in Biomedical and Communication Technologies
Increasing resilience of ATM networks using traffic monitoring and automated anomaly analysis
Proceedings of the 2nd International Conference on Application and Theory of Automation in Command and Control Systems
Computer Networks: The International Journal of Computer and Telecommunications Networking
| Hi-index | 0.00 |
Various approaches have been developed for quantifying and displaying network traffic information for determining network status and in detecting anomalies. Although many of these methods are effective, they rely on the collection of long-term network statistics. Here, we present an approach that uses short-term observations of network features and their respective time averaged entropies. Acute changes are localized in network feature space using adaptive Wiener filtering and auto-regressive moving average modeling. The color-enhanced datagram is designed to allow a network engineer to quickly capture and visually comprehend at a glance the statistical characteristics of a network anomaly. First, average entropy for each feature is calculated for every second of observation. Then, the resultant short-term measurement is subjected to first- and second-order time averaging statistics. These measurements are the basis of a novel approach to anomaly estimation based on the well-known Fisher linear discriminant (FLD). Average port, high port, server ports, and peered ports are some of the network features used for stochastic clustering and filtering. We empirically determine that these network features obey Gaussian-like distributions. The proposed algorithm is tested on real-time network traffic data from Ohio University's main Internet connection. Experimentation has shown that the presented FLD-based scheme is accurate in identifying anomalies in network feature space, in localizing anomalies in network traffic flow, and in helping network engineers to prevent potential hazards. Furthermore, its performance is highly effective in providing a colorized visualization chart to network analysts in the presence of bursty network traffic.