Detecting and diagnosing anomalous traffic are important aspects of managing IP networks. In this paper, we propose a novel approach to detecting anomalous network traffic based on graph theory concepts such as degree distribution, maximum degree and dK-2 distance. In this approach, we use traffic dispersion graphs (TDGs) to model network traffic over time. We analyze differences between the TDGs in a time series to detect anomalies, and we introduce a method to identify attack patterns in anomalous traffic. The approach has been validated using network traces from POSTECH and CAIDA.
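The window-to-window comparison described in the abstract can be sketched as follows; this is an added example, not code from the paper. It assumes undirected TDGs, takes the dK-2 distance to be the Euclidean distance between joint degree distributions (the abstract does not define it), and uses constructed flow records and a hypothetical threshold.

```python
from collections import Counter, defaultdict
from math import sqrt

def build_tdg(flows):
    """Undirected adjacency sets from the (src, dst) pairs seen in one window."""
    adj = defaultdict(set)
    for src, dst in flows:
        if src != dst:
            adj[src].add(dst)
            adj[dst].add(src)
    return adj

def max_degree(adj):
    return max((len(nbrs) for nbrs in adj.values()), default=0)

def dk2_series(adj):
    """Joint degree distribution: number of edges per (k1, k2) degree pair."""
    series = Counter()
    for u, nbrs in adj.items():
        for v in nbrs:
            if u < v:  # count each undirected edge once
                series[tuple(sorted((len(adj[u]), len(adj[v]))))] += 1
    return series

def dk2_distance(a, b):
    """Euclidean distance between two dK-2 series (assumed definition)."""
    return sqrt(sum((a[k] - b[k]) ** 2 for k in set(a) | set(b)))

def anomalous_windows(windows, threshold):
    """Return (index, dK-2 distance, max degree) for windows that differ sharply."""
    graphs = [build_tdg(w) for w in windows]
    flagged = []
    for i in range(1, len(graphs)):
        d = dk2_distance(dk2_series(graphs[i - 1]), dk2_series(graphs[i]))
        if d > threshold:  # threshold is a hypothetical tuning value
            flagged.append((i, round(d, 2), max_degree(graphs[i])))
    return flagged

# Constructed sample windows: two quiet ones, then one host fanning out to 40 peers.
NORMAL_1 = [("10.0.0.1", "10.0.0.9"), ("10.0.0.2", "10.0.0.9"), ("10.0.0.3", "10.0.0.8")]
NORMAL_2 = [("10.0.0.1", "10.0.0.9"), ("10.0.0.2", "10.0.0.9"), ("10.0.0.4", "10.0.0.8")]
FAN_OUT = NORMAL_2 + [("10.0.0.66", f"10.0.1.{i}") for i in range(1, 41)]

if __name__ == "__main__":
    print(anomalous_windows([NORMAL_1, NORMAL_2, FAN_OUT], threshold=5.0))
```

The two quiet windows involve different hosts but have identical joint degree distributions, so their distance is zero; only the structural change in the third window is flagged.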