Probabilistic counting algorithms for data base applications
Journal of Computer and System Sciences
The 1999 DARPA off-line intrusion detection evaluation
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
Data streams: algorithms and applications
SODA '03 Proceedings of the fourteenth annual ACM-SIAM symposium on Discrete algorithms
Finding Frequent Items in Data Streams
ICALP '02 Proceedings of the 29th International Colloquium on Automata, Languages and Programming
A simple algorithm for finding frequent elements in streams and bags
ACM Transactions on Database Systems (TODS)
What's hot and what's not: tracking most frequent items dynamically
Proceedings of the twenty-second ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
SYN-dog: Sniffing SYN Flooding Sources
ICDCS '02 Proceedings of the 22 nd International Conference on Distributed Computing Systems (ICDCS'02)
New directions in traffic measurement and accounting: Focusing on the elephants, ignoring the mice
ACM Transactions on Computer Systems (TOCS)
Sketch-based change detection: methods, evaluation, and applications
Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
Tabulation based 4-universal hashing with applications to second moment estimation
SODA '04 Proceedings of the fifteenth annual ACM-SIAM symposium on Discrete algorithms
Holistic UDAFs at streaming speeds
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Reversible sketches for efficient and accurate change detection over network data streams
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
An improved data stream summary: the count-min sketch and its applications
Journal of Algorithms
Mining anomalies using traffic feature distributions
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Approximate frequency counts over data streams
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Finding hierarchical heavy hitters in data streams
VLDB '03 Proceedings of the 29th international conference on Very large data bases - Volume 29
Effective Change Detection in Large Repositories of Unsolicited Traffic
ICIMP '09 Proceedings of the 2009 Fourth International Conference on Internet Monitoring and Protection
On the detection of signaling DoS attacks on 3G/WiMax wireless networks
Computer Networks: The International Journal of Computer and Telecommunications Networking
Application Entropy Theory to Detect New Peer-to-Peer Botnet with Multi-chart CUSUM
ISECS '09 Proceedings of the 2009 Second International Symposium on Electronic Commerce and Security - Volume 01
DTRAB: combating against attacks on encrypted protocols through traffic-feature analysis
IEEE/ACM Transactions on Networking (TON)
Error analysis of range-based localisation algorithms in wireless sensor networks
International Journal of Sensor Networks
A methodological overview on anomaly detection
DataTraffic Monitoring and Analysis
| Hi-index | 0.00 |
In the last years, the ever increasing number of network attacks has brought the research attention to the design and development of effective anomaly detection systems. To this aim, the main target is to develop efficient algorithms able to detect abrupt changes in the data, with the smallest detection delay. In this paper, we present a novel method for network anomaly detection, based on the idea of discovering heavy change (HC) in the distribution of the Heavy Hitters in the network traffic, by applying several forecasting algorithms. To assess the validity of the proposed method, we have performed an experimental evaluation phase, during which our system performance have been compared to more 'classical' approaches, such as a standard HC method and the promising CUSUM method. The performance analysis, presented in this paper, demonstrates the effectiveness of the proposed method, showing how it is able to outperform the 'classical' approaches.