Anomalies are unusual and significant changes in a network's traffic levels, which can often span multiple links. Diagnosing anomalies is critical for both network operators and end users. It is a difficult problem because one must extract and interpret anomalous patterns from large amounts of high-dimensional, noisy data.

In this paper we propose a general method to diagnose anomalies. This method is based on a separation of the high-dimensional space occupied by a set of network traffic measurements into disjoint subspaces corresponding to normal and anomalous network conditions. We show that this separation can be performed effectively by Principal Component Analysis.

Using only simple traffic measurements from links, we study volume anomalies and show that the method can: (1) accurately detect when a volume anomaly is occurring; (2) correctly identify the underlying origin-destination (OD) flow which is the source of the anomaly; and (3) accurately estimate the amount of traffic involved in the anomalous OD flow.

We evaluate the method's ability to diagnose (i.e., detect, identify, and quantify) both existing and synthetically injected volume anomalies in real traffic from two backbone networks. Our method consistently diagnoses the largest volume anomalies, and does so with a very low false alarm rate.
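The detect, identify and quantify steps from the abstract, sketched as an added example (not code from the paper). Assumptions: the topology, routing and traffic are constructed; the routing of each OD flow is known; one principal axis models normal traffic; and the alarm threshold of four times the largest baseline residual is a simple stand-in chosen for this example.

```python
import math
import random

# Constructed topology (hypothetical): ROUTES[j] lists the links OD flow j crosses.
ROUTES = [[0], [0, 1], [1, 2], [2, 3], [3, 4], [0, 1, 2, 3, 4]]
BASE = [100, 80, 120, 60, 90, 70]   # constructed mean volume per OD flow
N_LINKS = 5

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def link_loads(t, rng, spike=None):
    """Link volumes for hourly bin t; spike=(flow, amount) injects a volume anomaly."""
    diurnal = 1 + 0.5 * math.sin(2 * math.pi * t / 24)
    y = [0.0] * N_LINKS
    for j, links in enumerate(ROUTES):
        x = BASE[j] * diurnal + rng.uniform(-1, 1)
        if spike is not None and spike[0] == j:
            x += spike[1]
        for link in links:
            y[link] += x
    return y

def fit_normal_subspace(rows, k):
    """PCA on link measurements: return the mean and the top-k principal axes."""
    n, m = len(rows), len(rows[0])
    mean = [sum(col) / n for col in zip(*rows)]
    cen = [[v - mu for v, mu in zip(r, mean)] for r in rows]
    cov = [[sum(r[i] * r[j] for r in cen) / (n - 1) for j in range(m)] for i in range(m)]
    axes = []
    for _ in range(k):                       # power iteration, then deflation
        v = [1.0] * m
        for _ in range(200):
            w = [dot(row, v) for row in cov]
            norm = math.sqrt(dot(w, w))
            v = [x / norm for x in w]
        lam = dot(v, [dot(row, v) for row in cov])
        cov = [[cov[i][j] - lam * v[i] * v[j] for j in range(m)] for i in range(m)]
        axes.append(v)
    return mean, axes

def residual(vec, axes):
    """Remove the normal-subspace part of vec, leaving its anomalous-subspace part."""
    out = list(vec)
    for p in axes:
        c = dot(out, p)
        out = [o - c * pi for o, pi in zip(out, p)]
    return out

def diagnose(y, mean, axes, threshold):
    """Detect via squared prediction error, then identify and quantify the OD flow."""
    r = residual([a - b for a, b in zip(y, mean)], axes)
    if dot(r, r) <= threshold:
        return None
    best = None
    for j, links in enumerate(ROUTES):
        a = residual([1.0 if i in links else 0.0 for i in range(N_LINKS)], axes)
        amount = dot(a, r) / dot(a, a)       # least-squares fit of flow j to the residual
        left = [ri - amount * ai for ri, ai in zip(r, a)]
        if best is None or dot(left, left) < best[0]:
            best = (dot(left, left), j, amount)
    return best[1], best[2]

def run_demo():
    rng = random.Random(7)
    train = [link_loads(t, rng) for t in range(96)]          # four clean days
    mean, axes = fit_normal_subspace(train, k=1)             # one shared diurnal pattern
    spes = [sum(c * c for c in residual([a - b for a, b in zip(y, mean)], axes)) for y in train]
    threshold = 4 * max(spes)    # assumption: simple stand-in for a statistical limit
    alarms = []
    for t in range(96, 120):
        spike = (2, 60.0) if t == 113 else None               # injected anomaly on flow 2
        hit = diagnose(link_loads(t, rng, spike), mean, axes, threshold)
        if hit is not None:
            alarms.append((t, hit[0], hit[1]))
    return alarms
```

The model is fitted on a clean baseline window because a large anomaly inside the training data can be absorbed into the normal subspace and then go undetected.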