Detection of abrupt changes: theory and application
Detection of abrupt changes: theory and application
Sketch-based change detection: methods, evaluation, and applications
Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
Diagnosing network-wide traffic anomalies
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
The problem of synthetically generating IP traffic matrices: initial recommendations
ACM SIGCOMM Computer Communication Review
Application of anomaly detection algorithms for detecting SYN flooding attacks
Computer Communications
Long-range dependence in a changing Internet traffic mix
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue: Long range dependent trafic
Anomaly localization for network data streams with graph joint sparse PCA
Proceedings of the 17th ACM SIGKDD international conference on Knowledge discovery and data mining
| Hi-index | 0.00 |
We propose a novel approach for distributed statistical detection of change-points in high-volume network traffic. We consider more specifically the task of detecting and identifying the targets of Distributed Denial of Service (DDoS) attacks. The proposed algorithm, called DTopRank, performs distributed network anomaly detection by aggregating the partial information gathered in a set of network monitors. In order to address massive data while limiting the communication overhead within the network, the approach combines record filtering at the monitor level and a nonparametric rank test for doubly censored time series at the central decision site. The performance of the DTopRank algorithm is illustrated both on synthetic data as well as from a traffic trace provided by a major Internet service provider.