Advances in communication networks for pervasive and ubiquitous applications
The Journal of Supercomputing
Network traffic analysis has become increasingly important for Pervasive and Ubiquitous Applications (PUA), especially anomaly detection, which plays a critical role in enforcing a high level of protection of the network against threats. In this paper, we present a network traffic anomaly detection method based on catastrophe theory. To characterize the normal behavior of the network, we construct a profile of normal network traffic using an equilibrium surface from catastrophe theory. When anomalies occur, the state of the network traffic deviates from the normal equilibrium surface. Taking the normal equilibrium surface as a reference, we monitor the ongoing network traffic and use a new index, called the catastrophe distance, to quantify the deviation. According to decision theory, network traffic anomalies can then be identified by the catastrophe distance. We evaluate the performance of our approach using the DARPA intrusion detection data set. Experimental results show that our approach is significantly effective at detecting network traffic anomalies.