Fault detection in an Ethernet network using anomaly signature matching
SIGCOMM '93 Conference proceedings on Communications architectures, protocols and applications
Schemes for fault identification in communication networks
IEEE/ACM Transactions on Networking (TON)
Internet traffic characterization
Internet traffic characterization
IEEE/ACM Transactions on Networking (TON)
Fast, approximate synthesis of fractional Gaussian noise for generating self-similar network traffic
ACM SIGCOMM Computer Communication Review
Measurements and analysis of end-to-end Internet dynamics
Measurements and analysis of end-to-end Internet dynamics
Internet service performance failure detection
ACM SIGMETRICS Performance Evaluation Review
Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
Characteristics of network traffic flow anomalies
IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites
Proceedings of the 11th international conference on World Wide Web
MRTG: The Multi Router Traffic Grapher
LISA '98 Proceedings of the 12th Conference on Systems Administration
Proactive Network Fault Detection
INFOCOM '97 Proceedings of the INFOCOM '97. Sixteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Driving the Information Revolution
Measurements of Wide Area Internet TraffiC
Measurements of Wide Area Internet TraffiC
The OSU Flow-tools Package and CISCO NetFlow Logs
LISA '00 Proceedings of the 14th USENIX conference on System administration
FlowScan: A Network Traffic Flow Reporting and Visualization Tool
LISA '00 Proceedings of the 14th USENIX conference on System administration
Aberrant Behavior Detection in Time Series for Network Monitoring
LISA '00 Proceedings of the 14th USENIX conference on System administration
Wavelet analysis of long-range-dependent traffic
IEEE Transactions on Information Theory
A framework for classifying denial of service attacks
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Sketch-based change detection: methods, evaluation, and applications
Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
Preventing Internet denial-of-service with capabilities
ACM SIGCOMM Computer Communication Review
Accurate, scalable in-network identification of p2p traffic using application signatures
Proceedings of the 13th international conference on World Wide Web
A taxonomy of DDoS attack and DDoS defense mechanisms
ACM SIGCOMM Computer Communication Review
Structural analysis of network traffic flows
Proceedings of the joint international conference on Measurement and modeling of computer systems
Combining routing and traffic data for detection of IP forwarding anomalies
Proceedings of the joint international conference on Measurement and modeling of computer systems
Eigenspace-based anomaly detection in computer systems
Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining
Diagnosing network-wide traffic anomalies
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
IP forwarding anomalies and improving their detection using multiple data sources
Proceedings of the ACM SIGCOMM workshop on Network troubleshooting: research, theory and operations practice meet malfunctioning reality
Defending Against Flash Crowds and Malicious Traffic Attacks with An Auction-Based Method
WI '04 Proceedings of the 2004 IEEE/WIC/ACM International Conference on Web Intelligence
Online identification of hierarchical heavy hitters: algorithms, evaluation, and applications
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
On scalable attack detection in the network
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Characterization of network-wide anomalies in traffic flows
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
New client puzzle outsourcing techniques for DoS resistance
Proceedings of the 11th ACM conference on Computer and communications security
Distinguishing between single and multi-source attacks using signal processing
Computer Networks: The International Journal of Computer and Telecommunications Networking
Change-Point Monitoring for the Detection of DoS Attacks
IEEE Transactions on Dependable and Secure Computing
Network-Based Problem Detection for Distributed Systems
ICDE '05 Proceedings of the 21st International Conference on Data Engineering
Profiling internet backbone traffic: behavior models and applications
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Mining anomalies using traffic feature distributions
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Bottleneck detection in UMTS via TCP passive monitoring: a real case
CoNEXT '05 Proceedings of the 2005 ACM conference on Emerging network experiment and technology
Denial-of-Service Attack-Detection Techniques
IEEE Internet Computing
Secure distributed data-mining and its application to large-scale network measurements
ACM SIGCOMM Computer Communication Review
Time series modeling for IDS alert management
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Data streaming algorithms for estimating entropy of network traffic
SIGMETRICS '06/Performance '06 Proceedings of the joint international conference on Measurement and modeling of computer systems
Probabilistic anomaly detection in distributed computer networks
Science of Computer Programming
One step ahead to multisensor data fusion for DDoS detection
Journal of Computer Security - Special issue on security track at ACM symposium on applied computing 2004
Detection and identification of network anomalies using sketch subspaces
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Impact of packet sampling on anomaly detection metrics
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Is sampled data sufficient for anomaly detection?
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Diagnosis of capacity bottlenecks via passive monitoring in 3G networks: An empirical analysis
Computer Networks: The International Journal of Computer and Telecommunications Networking
Collaborative detection and filtering of shrew DDoS attacks using spectral analysis
Journal of Parallel and Distributed Computing - Special issue: Security in grid and distributed systems
Attack profiles to derive data observations, features, and characteristics of cyber attacks
Information-Knowledge-Systems Management
On scalable attack detection in the network
IEEE/ACM Transactions on Networking (TON)
Data reduction for the scalable automated analysis of distributed darknet traffic
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Sparse approximations for high fidelity compression of network traffic data
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Combining filtering and statistical methods for anomaly detection
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Detecting anomalies in network traffic using maximum entropy estimation
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Diagnosing network disruptions with network-wide analysis
Proceedings of the 2007 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Sensitivity of PCA for traffic anomaly detection
Proceedings of the 2007 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Non-Gaussian and Long Memory Statistical Characterizations for Internet Traffic with Anomalies
IEEE Transactions on Dependable and Secure Computing
Journal of Network and Systems Management
Network traffic analysis using singular value decomposition and multiscale transforms
Information Sciences: an International Journal
Checks and balances: monitoring data quality problems in network traffic databases
VLDB '03 Proceedings of the 29th international conference on Very large data bases - Volume 29
Reversible sketches: enabling monitoring and analysis over high-speed data streams
IEEE/ACM Transactions on Networking (TON)
WebClass: adding rigor to manual labeling of traffic anomalies
ACM SIGCOMM Computer Communication Review
The need for simulation in evaluating anomaly detectors
ACM SIGCOMM Computer Communication Review
NetADHICT: a tool for understanding network traffic
LISA'07 Proceedings of the 21st conference on Large Installation System Administration Conference
Proceedings of the 2007 workshop on Large scale attack defense
A generic language for application-specific flow sampling
ACM SIGCOMM Computer Communication Review
Application of autonomic agents for global information grid management and security
Proceedings of the 2007 Summer Computer Simulation Conference
Anomaly detection and diagnosis in grid environments
Proceedings of the 2007 ACM/IEEE conference on Supercomputing
Identifying statistically anomalous regions in time series of network traffic
CoNEXT '07 Proceedings of the 2007 ACM CoNEXT conference
Approximate autoregressive modeling for network attack detection
Journal of Computer Security - Privacy, Security and Trust (PST) Technologies: Evolution and Challenges
Optimal sampling in state space models with applications to network monitoring
SIGMETRICS '08 Proceedings of the 2008 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Statistical techniques for detecting traffic anomalies through packet header data
IEEE/ACM Transactions on Networking (TON)
A system for online compression of high-speed network measurements
International Journal of Internet Protocol Technology
Traffic Aggregation for Malware Detection
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
The Contact Surface: A Technique for Exploring Internet Scale Emergent Behaviors
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Application of Wavelet Packet Transform to Network Anomaly Detection
NEW2AN '08 / ruSMART '08 Proceedings of the 8th international conference, NEW2AN and 1st Russian Conference on Smart Spaces, ruSMART on Next Generation Teletraffic and Wired/Wireless Advanced Networking
An empirical evaluation of entropy-based traffic anomaly detection
Proceedings of the 8th ACM SIGCOMM conference on Internet measurement
Fast monitoring of traffic subpopulations
Proceedings of the 8th ACM SIGCOMM conference on Internet measurement
Spectral probing, crosstalk and frequency multiplexing in internet paths
Proceedings of the 8th ACM SIGCOMM conference on Internet measurement
DDoS attacks detection model and its application
WSEAS Transactions on Computers
Detection of Leaps/sLumps in Traffic Volume of Internet Backbone
APNOMS '08 Proceedings of the 11th Asia-Pacific Symposium on Network Operations and Management: Challenges for Next Generation Network Operations and Service Management
Remote detection of bottleneck links using spectral and statistical methods
Computer Networks: The International Journal of Computer and Telecommunications Networking
Approximate autoregressive modeling for network attack detection
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
An image processing approach to traffic anomaly detection
Proceedings of the 4th Asian Conference on Internet Engineering
Network anomaly detection based on wavelet analysis
EURASIP Journal on Advances in Signal Processing - Special issue on signal processing applications in network intrusion detection systems
A method of run-time detecting DDos attacks
ICCOMP'08 Proceedings of the 12th WSEAS international conference on Computers
TVA: a DoS-limiting network architecture
IEEE/ACM Transactions on Networking (TON)
IP Packet Size Entropy-Based Scheme for Detection of DoS/DDoS Attacks
IEICE - Transactions on Information and Systems
Behavioural Characterization for Network Anomaly Detection
Transactions on Computational Science IV
Uncovering Artifacts of Flow Measurement Tools
PAM '09 Proceedings of the 10th International Conference on Passive and Active Network Measurement
Beyond Shannon: Characterizing Internet Traffic with Generalized Entropy Metrics
PAM '09 Proceedings of the 10th International Conference on Passive and Active Network Measurement
Troubleshooting chronic conditions in large IP networks
CoNEXT '08 Proceedings of the 2008 ACM CoNEXT Conference
Processing intrusion detection alert aggregates with time series modeling
Information Fusion
Inferring undesirable behavior from P2P traffic analysis
Proceedings of the eleventh international joint conference on Measurement and modeling of computer systems
Spatio-temporal network anomaly detection by assessing deviations of empirical measures
IEEE/ACM Transactions on Networking (TON)
Analysis of traffic data from a hybrid satellite-terrestrial network
The Fourth International Conference on Heterogeneous Networking for Quality, Reliability, Security and Robustness & Workshops
Spatio-temporal compressive sensing and internet traffic matrices
Proceedings of the ACM SIGCOMM 2009 conference on Data communication
An adaptive approach to granular real-time anomaly detection
EURASIP Journal on Advances in Signal Processing - Special issue on signal processing applications in network intrusion detection systems
Anomaly extraction in backbone networks using association rules
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
A novel packet header visualization methodology for network anomaly detection
CNIS '07 Proceedings of the Fourth IASTED International Conference on Communication, Network and Information Security
A cascade architecture for DoS attacks detection based on the wavelet transform
Journal of Computer Security
Accurate anomaly detection through parallelism
IEEE Network: The Magazine of Global Internetworking - Special issue title on recent developments in network intrusion detection
Discriminating internet applications based on multiscale analysis
NGI'09 Proceedings of the 5th Euro-NGI conference on Next Generation Internet networks
A visualization tool for exploring multi-scale network traffic anomalies
SPECTS'09 Proceedings of the 12th international conference on Symposium on Performance Evaluation of Computer & Telecommunication Systems
Three levels network analysis for anomaly detection
SoftCOM'09 Proceedings of the 17th international conference on Software, Telecommunications and Computer Networks
Effective discovery of attacks using entropy of packet dynamics
IEEE Network: The Magazine of Global Internetworking
Anomaly detection in IP networks with principal component analysis
ISCIT'09 Proceedings of the 9th international conference on Communications and information technologies
A two-layered anomaly detection technique based on multi-modal flow behavior models
PAM'08 Proceedings of the 9th international conference on Passive and active network measurement
Network anomaly confirmation, diagnosis and remediation
Allerton'09 Proceedings of the 47th annual Allerton conference on Communication, control, and computing
HiFIND: A high-speed flow-level intrusion detection approach with DoS resiliency
Computer Networks: The International Journal of Computer and Telecommunications Networking
A distribution-based approach to anomaly detection and application to 3G mobile traffic
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
A novel signal-based approach to anomaly detection in IDS systems
ICANNGA'09 Proceedings of the 9th international conference on Adaptive and natural computing algorithms
Volume traffic anomaly detection using hierarchical clustering
APNOMS'09 Proceedings of the 12th Asia-Pacific network operations and management conference on Management enabling the future internet for changing business and new computing services
On the use of sketches and wavelet analysis for network anomaly detection
Proceedings of the 6th International Wireless Communications and Mobile Computing Conference
Monitoring abnormal traffic flows based on independent component analysis
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
An automatic and dynamic parameter tuning of a statistic-based anomaly detection algorithm
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
On mitigating sampling-induced accuracy loss in traffic anomaly detection systems
ACM SIGCOMM Computer Communication Review
Computer Networks: The International Journal of Computer and Telecommunications Networking
URCA: pulling out anomalies by their root causes
INFOCOM'10 Proceedings of the 29th conference on Information communications
ASTUTE: detecting a different class of traffic anomalies
Proceedings of the ACM SIGCOMM 2010 conference
Distribution-based anomaly detection in 3G mobile networks: from theory to practice
International Journal of Network Management
An evaluation of automatic parameter tuning of a statistics-based anomaly detection algorithm
International Journal of Network Management
Online anomaly detection for sensor systems: A simple and efficient approach
Performance Evaluation
BasisDetect: a model-based network event detection framework
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
Temporally oblivious anomaly detection on large networks using functional peers
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
Understanding and evaluating the impact of sampling on anomaly detection techniques
MILCOM'06 Proceedings of the 2006 IEEE conference on Military communications
Proceedings of the 6th International COnference
Dynamic feature analysis and measurement for large-scale network traffic monitoring
IEEE Transactions on Information Forensics and Security
Investigating self-similarity and heavy-tailed distributions on a large-scale experimental facility
IEEE/ACM Transactions on Networking (TON)
Priming: making the reaction to intrusion or fault predictable
Natural Computing: an international journal
Joint network-host based malware detection using information-theoretic tools
Journal in Computer Virology
Deep packet pre-filtering and finite state encoding for adaptive intrusion detection system
Computer Networks: The International Journal of Computer and Telecommunications Networking
sub-space clustering and evidence accumulation for unsupervised network anomaly detection
TMA'11 Proceedings of the Third international conference on Traffic monitoring and analysis
UNADA: unsupervised network anomaly detection using sub-space outliers ranking
NETWORKING'11 Proceedings of the 10th international IFIP TC 6 conference on Networking - Volume Part I
Monitoring abnormal network traffic based on blind source separation approach
Journal of Network and Computer Applications
Accurate network anomaly classification with generalized entropy metrics
Computer Networks: The International Journal of Computer and Telecommunications Networking
Parametric methods for anomaly detection in aggregate traffic
IEEE/ACM Transactions on Networking (TON)
On detecting abrupt changes in network entropy time series
CMS'11 Proceedings of the 12th IFIP TC 6/TC 11 international conference on Communications and multimedia security
Wiki-Watchdog: Anomaly Detection in Wikipedia Through a Distributional Lens
WI-IAT '11 Proceedings of the 2011 IEEE/WIC/ACM International Conferences on Web Intelligence and Intelligent Agent Technology - Volume 01
Rapid detection of maintenance induced changes in service performance
Proceedings of the Seventh COnference on emerging Networking EXperiments and Technologies
Combining wavelet analysis and information theory for network anomaly detection
Proceedings of the 4th International Symposium on Applied Sciences in Biomedical and Communication Technologies
Anomaly detection of excessive network traffic based on ratio and volume analysis
ISI'06 Proceedings of the 4th IEEE international conference on Intelligence and Security Informatics
Computer Networks: The International Journal of Computer and Telecommunications Networking
Automatic location detection system for anomaly traffic on wired/wireless networks
ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part II
Towards software-based signature detection for intrusion prevention on the network card
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
A hypothesis testing based scalable TCP scan detection
ICOIN'06 Proceedings of the 2006 international conference on Information Networking: advances in Data Communications and Wireless Networks
Proceedings of the 7th International Conference on Network and Services Management
An automatic and generic early-bird system for internet backbone based on traffic anomaly detection
ICN'05 Proceedings of the 4th international conference on Networking - Volume Part I
A traffic identification method and evaluations for a pure p2p application
PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement
0day anomaly detection made possible thanks to machine learning
WWIC'10 Proceedings of the 8th international conference on Wired/Wireless Internet Communications
Improved anomaly detection using block-matching denoising
Computer Communications
Detection accuracy of network anomalies using sampled flow statistics
International Journal of Network Management
Detecting and profiling TCP connections experiencing abnormal performance
TMA'12 Proceedings of the 4th international conference on Traffic Monitoring and Analysis
Anomaly detection methods in wired networks: a survey and taxonomy
Computer Communications
Statistical and signal-based network traffic recognition for anomaly detection
Expert Systems: The Journal of Knowledge Engineering
Spatio-temporal compressive sensing and internet traffic matrices
IEEE/ACM Transactions on Networking (TON)
Improving an SVD-based combination strategy of anomaly detectors for traffic labelling
Proceedings of the Asian Internet Engineeering Conference
Anomaly extraction in backbone networks using association rules
IEEE/ACM Transactions on Networking (TON)
Computer Networks: The International Journal of Computer and Telecommunications Networking
The Journal of Supercomputing
STONE: a stream-based DDoS defense framework
Proceedings of the 28th Annual ACM Symposium on Applied Computing
eDoctor: automatically diagnosing abnormal battery drain issues on smartphones
nsdi'13 Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation
An adaptive flow counting method for anomaly detection in SDN
Proceedings of the ninth ACM conference on Emerging networking experiments and technologies
Computer Networks: The International Journal of Computer and Telecommunications Networking
A methodological overview on anomaly detection
DataTraffic Monitoring and Analysis
Improving energy efficiency in distributed intrusion detection systems
Journal of High Speed Networks
| Hi-index | 0.00 |
Identifying anomalies rapidly and accurately is critical to the efficient operation of large computer networks. Accurately characterizing important classes of anomalies greatly facilitates their identification; however, the subtleties and complexities of anomalous traffic can easily confound this process. In this paper we report results of signal analysis of four classes of network traffic anomalies: outages, flash crowds, attacks and measurement failures. Data for this study consists of IP flow and SNMP measurements collected over a six month period at the border router of a large university. Our results show that wavelet filters are quite effective at exposing the details of both ambient and anomalous traffic. Specifically, we show that a pseudo-spline filter tuned at specific aggregation levels will expose distinct characteristics of each class of anomaly. We show that an effective way of exposing anomalies is via the detection of a sharp increase in the local variance of the filtered data. We evaluate traffic anomaly signals at different points within a network based on topological distance from the anomaly source or destination. We show that anomalies can be exposed effectively even when aggregated with a large amount of additional traffic. We also compare the difference between the same traffic anomaly signals as seen in SNMP and IP flow data, and show that the more coarse-grained SNMP data can also be used to expose anomalies effectively.