IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Deriving traffic demands for operational IP networks: methodology and experience
IEEE/ACM Transactions on Networking (TON)
Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites
Proceedings of the 11th international conference on World Wide Web
A signal analysis of network traffic anomalies
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurement
Observed structure of addresses in IP traffic
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurement
A framework for classifying denial of service attacks
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Automatically inferring patterns of resource consumption in network traffic
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Information-Theoretic Measures for Anomaly Detection
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Data Mining for Intrusion Detection: Techniques, Applications and Systems
ICDE '04 Proceedings of the 20th International Conference on Data Engineering
Structural analysis of network traffic flows
Proceedings of the joint international conference on Measurement and modeling of computer systems
Combining routing and traffic data for detection of IP forwarding anomalies
Proceedings of the joint international conference on Measurement and modeling of computer systems
Diagnosing network-wide traffic anomalies
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Online identification of hierarchical heavy hitters: algorithms, evaluation, and applications
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Characterization of network-wide anomalies in traffic flows
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Aberrant Behavior Detection in Time Series for Network Monitoring
LISA '00 Proceedings of the 14th USENIX conference on System administration
Profiling internet backbone traffic: behavior models and applications
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Autograph: toward automated, distributed worm signature detection
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Anomaly detection in IP networks
IEEE Transactions on Signal Processing
Data streaming algorithms for estimating entropy of network traffic
SIGMETRICS '06/Performance '06 Proceedings of the joint international conference on Measurement and modeling of computer systems
Attack detection in time series for recommender systems
Proceedings of the 12th ACM SIGKDD international conference on Knowledge discovery and data mining
Polymorphic worm detection and defense: system design, experimental methodology, and data resources
Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
Detection and identification of network anomalies using sketch subspaces
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Impact of packet sampling on anomaly detection metrics
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Is sampled data sufficient for anomaly detection?
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Diagnosing network disruptions with network-wide analysis
Proceedings of the 2007 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Sensitivity of PCA for traffic anomaly detection
Proceedings of the 2007 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
An algorithm for approximate counting using limited memory resources
Proceedings of the 2007 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Challenging the anomaly detection paradigm: a provocative discussion
NSPW '06 Proceedings of the 2006 workshop on New security paradigms
A data streaming algorithm for estimating entropies of od flows
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
Lightweight application classification for network management
Proceedings of the 2007 SIGCOMM workshop on Internet network management
WebClass: adding rigor to manual labeling of traffic anomalies
ACM SIGCOMM Computer Communication Review
Machine learning approaches to network anomaly detection
SYSML'07 Proceedings of the 2nd USENIX workshop on Tackling computer systems problems with machine learning techniques
Identifying statistically anomalous regions in time series of network traffic
CoNEXT '07 Proceedings of the 2007 ACM CoNEXT conference
Anomaly detection by finding feature distribution outliers
CoNEXT '06 Proceedings of the 2006 ACM CoNEXT conference
Synergy: blending heterogeneous measurement elements for effective network monitoring
CoNEXT '06 Proceedings of the 2006 ACM CoNEXT conference
Improving accuracy of immune-inspired malware detectors by using intelligent features
Proceedings of the 10th annual conference on Genetic and evolutionary computation
CAMNEP: agent-based network intrusion detection system
Proceedings of the 7th international joint conference on Autonomous agents and multiagent systems: industrial track
A stratified traffic sampling methodology for seeing the big picture
Computer Networks: The International Journal of Computer and Telecommunications Networking
High-Performance Agent System for Intrusion Detection in Backbone Networks
CIA '07 Proceedings of the 11th international workshop on Cooperative Information Agents XI
Collaborative Attack Detection in High-Speed Networks
CEEMAS '07 Proceedings of the 5th international Central and Eastern European conference on Multi-Agent Systems and Applications V
Embedded Malware Detection Using Markov n-Grams
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
The Contact Surface: A Technique for Exploring Internet Scale Emergent Behaviors
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Trust-Based Classifier Combination for Network Anomaly Detection
CIA '08 Proceedings of the 12th international workshop on Cooperative Information Agents XII
Continuous Time Bayesian Networks for Host Level Network Intrusion Detection
ECML PKDD '08 Proceedings of the European conference on Machine Learning and Knowledge Discovery in Databases - Part II
On the Limits of Payload-Oblivious Network Attack Detection
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
A Comparative Evaluation of Anomaly Detectors under Portscan Attacks
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Streaming Estimation of Information-Theoretic Metrics for Anomaly Detection (Extended Abstract)
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
An empirical evaluation of entropy-based traffic anomaly detection
Proceedings of the 8th ACM SIGCOMM conference on Internet measurement
Peer-to-peer system-based active worm attacks: Modeling, analysis and defense
Computer Communications
A Sampling Method for Intrusion Detection System
APNOMS '08 Proceedings of the 11th Asia-Pacific Symposium on Network Operations and Management: Challenges for Next Generation Network Operations and Service Management
A Semi-Autonomic Framework for Intrusion Tolerance in Heterogeneous Networks
IWSOS '08 Proceedings of the 3rd International Workshop on Self-Organizing Systems
FLAME: a flow-level anomaly modeling engine
CSET'08 Proceedings of the conference on Cyber security experimentation and test
Remote detection of bottleneck links using spectral and statistical methods
Computer Networks: The International Journal of Computer and Telecommunications Networking
An image processing approach to traffic anomaly detection
Proceedings of the 4th Asian Conference on Internet Engineering
Detecting distributed network traffic anomaly with network-wide correlation analysis
EURASIP Journal on Advances in Signal Processing - Special issue on signal processing applications in network intrusion detection systems
Network anomaly detection based on wavelet analysis
EURASIP Journal on Advances in Signal Processing - Special issue on signal processing applications in network intrusion detection systems
Internet traffic behavior profiling for network security monitoring
IEEE/ACM Transactions on Networking (TON)
DDoS-shield: DDoS-resilient scheduling to counter application layer attacks
IEEE/ACM Transactions on Networking (TON)
Collaborative approach to network behaviour analysis based on hardware-accelerated FlowMon probes
International Journal of Electronic Security and Digital Forensics
IP Packet Size Entropy-Based Scheme for Detection of DoS/DDoS Attacks
IEICE - Transactions on Information and Systems
Behavioural Characterization for Network Anomaly Detection
Transactions on Computational Science IV
Uncovering Artifacts of Flow Measurement Tools
PAM '09 Proceedings of the 10th International Conference on Passive and Active Network Measurement
ACM Computing Surveys (CSUR)
Troubleshooting chronic conditions in large IP networks
CoNEXT '08 Proceedings of the 2008 ACM CoNEXT Conference
Internet traffic classification demystified: myths, caveats, and the best practices
CoNEXT '08 Proceedings of the 2008 ACM CoNEXT Conference
Detection and mitigation of abnormal traffic behaviour in autonomic networked environments
CoNEXT '08 Proceedings of the 2008 ACM CoNEXT Conference
NAP: a building block for remediating performance bottlenecks via black box network analysis
ICAC '09 Proceedings of the 6th international conference on Autonomic computing
Inferring undesirable behavior from P2P traffic analysis
Proceedings of the eleventh international joint conference on Measurement and modeling of computer systems
Learning, indexing, and diagnosing network faults
Proceedings of the 15th ACM SIGKDD international conference on Knowledge discovery and data mining
Dynamic information source selection for intrusion detection systems
Proceedings of The 8th International Conference on Autonomous Agents and Multiagent Systems - Volume 2
WSEAS TRANSACTIONS on COMMUNICATIONS
Scan Surveillance in Internet Networks
NETWORKING '09 Proceedings of the 8th International IFIP-TC 6 Networking Conference
Decentralized multi-dimensional alert correlation for collaborative intrusion detection
Journal of Network and Computer Applications
Spatio-temporal network anomaly detection by assessing deviations of empirical measures
IEEE/ACM Transactions on Networking (TON)
DDoS Attack Detection Algorithm Using IP Address Features
FAW '09 Proceedings of the 3rd International Workshop on Frontiers in Algorithmics
Traffic monitor deployment in IP networks
Computer Networks: The International Journal of Computer and Telecommunications Networking
An adaptive approach to granular real-time anomaly detection
EURASIP Journal on Advances in Signal Processing - Special issue on signal processing applications in network intrusion detection systems
On the impacts of human interactions in MMORPG traffic
Multimedia Tools and Applications
A distributed data streaming algorithm for network-wide traffic anomaly detection
ACM SIGMETRICS Performance Evaluation Review
ANTIDOTE: understanding and defending against poisoning of anomaly detectors
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
Anomaly extraction in backbone networks using association rules
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
On achieving good operating points on an ROC plane using stochastic anomaly score prediction
Proceedings of the 16th ACM conference on Computer and communications security
How to keep your head above water while detecting errors
Proceedings of the 10th ACM/IFIP/USENIX International Conference on Middleware
Exploiting dynamicity in graph-based traffic analysis: techniques and applications
Proceedings of the 5th international conference on Emerging networking experiments and technologies
EbAT: online methods for detecting utility cloud anomalies
Proceedings of the 6th Middleware Doctoral Symposium
A visualization tool for exploring multi-scale network traffic anomalies
SPECTS'09 Proceedings of the 12th international conference on Symposium on Performance Evaluation of Computer & Telecommunication Systems
IM'09 Proceedings of the 11th IFIP/IEEE international conference on Symposium on Integrated Network Management
Runtime Monitoring and Dynamic Reconfiguration for Intrusion Detection Systems
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Flooding attacks detection and victim identification over high speed networks
GIIS'09 Proceedings of the Second international conference on Global Information Infrastructure Symposium
Effective discovery of attacks using entropy of packet dynamics
IEEE Network: The Magazine of Global Internetworking
PAM'07 Proceedings of the 8th international conference on Passive and active network measurement
Real-time behaviour profiling for network monitoring
International Journal of Internet Protocol Technology
Detecting 802.11 wireless hosts from remote passive observations
NETWORKING'07 Proceedings of the 6th international IFIP-TC6 conference on Ad Hoc and sensor networks, wireless networks, next generation internet
Data stream anomaly detection through principal subspace tracking
Proceedings of the 2010 ACM Symposium on Applied Computing
NADA - network anomaly detection algorithm
DSOM'07 Proceedings of the Distributed systems: operations and management 18th IFIP/IEEE international conference on Managing virtualization of networks and services
PAID: packet analysis for anomaly intrusion detection
PAKDD'08 Proceedings of the 12th Pacific-Asia conference on Advances in knowledge discovery and data mining
Evo'08 Proceedings of the 2008 conference on Applications of evolutionary computing
Anomaly detection in IP networks with principal component analysis
ISCIT'09 Proceedings of the 9th international conference on Communications and information technologies
A two-layered anomaly detection technique based on multi-modal flow behavior models
PAM'08 Proceedings of the 9th international conference on Passive and active network measurement
Network anomaly confirmation, diagnosis and remediation
Allerton'09 Proceedings of the 47th annual Allerton conference on Communication, control, and computing
UAI '09 Proceedings of the Twenty-Fifth Conference on Uncertainty in Artificial Intelligence
DDoS attack detection method based on linear prediction model
ICIC'09 Proceedings of the 5th international conference on Emerging intelligent computing technology and applications
Computer Networks: The International Journal of Computer and Telecommunications Networking
HiFIND: A high-speed flow-level intrusion detection approach with DoS resiliency
Computer Networks: The International Journal of Computer and Telecommunications Networking
Online anomaly detection using KDE
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
A distribution-based approach to anomaly detection and application to 3G mobile traffic
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Sketch-based SIP flooding detection using Hellinger distance
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
How to keep your head above water while detecting errors
Middleware'09 Proceedings of the ACM/IFIP/USENIX 10th international conference on Middleware
Volume traffic anomaly detection using hierarchical clustering
APNOMS'09 Proceedings of the 12th Asia-Pacific network operations and management conference on Management enabling the future internet for changing business and new computing services
On the use of sketches and wavelet analysis for network anomaly detection
Proceedings of the 6th International Wireless Communications and Mobile Computing Conference
Emulation platform for network wide traffic sampling and monitoring
Proceedings of the 6th International Wireless Communications and Mobile Computing Conference
Monitoring abnormal traffic flows based on independent component analysis
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
On mitigating sampling-induced accuracy loss in traffic anomaly detection systems
ACM SIGCOMM Computer Communication Review
Computer Networks: The International Journal of Computer and Telecommunications Networking
Tracking long duration flows in network traffic
INFOCOM'10 Proceedings of the 29th conference on Information communications
URCA: pulling out anomalies by their root causes
INFOCOM'10 Proceedings of the 29th conference on Information communications
Metric forensics: a multi-level approach for mining volatile graphs
Proceedings of the 16th ACM SIGKDD international conference on Knowledge discovery and data mining
ASTUTE: detecting a different class of traffic anomalies
Proceedings of the ACM SIGCOMM 2010 conference
Detecting the performance impact of upgrades in large operational networks
Proceedings of the ACM SIGCOMM 2010 conference
Automating root-cause analysis of network anomalies using frequent itemset mining
Proceedings of the ACM SIGCOMM 2010 conference
Attack scenario recognition through heterogeneous event stream analysis
MILCOM'09 Proceedings of the 28th IEEE conference on Military communications
Journal of Intelligent Manufacturing
Distribution-based anomaly detection in 3G mobile networks: from theory to practice
International Journal of Network Management
International Journal of Network Management
Unsupervised host behavior classification from connection patterns
International Journal of Network Management
Cybermetrics: user identification through network flow analysis
AIMS'10 Proceedings of the Mechanisms for autonomous management of networks and services, and 4th international conference on Autonomous infrastructure, management and security
Listen to me if you can: tracking user experience of mobile network on social media
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
Revisiting the case for a minimalist approach for network flow monitoring
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
What happened in my network: mining network events from router syslogs
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
OverCourt: DDoS mitigation through credit-based traffic segregation and path migration
Computer Communications
Characterizing and defending against divide-conquer-scanning worms
Computer Networks: The International Journal of Computer and Telecommunications Networking
Network prefix-level traffic profiling: Characterizing, modeling, and evaluation
Computer Networks: The International Journal of Computer and Telecommunications Networking
What is the impact of p2p traffic on anomaly detection?
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Spatio-temporal patterns in network events
Proceedings of the 6th International COnference
Proceedings of the 6th International COnference
Network-wide deployment of intrusion detection and prevention systems
Proceedings of the 6th International COnference
SEPIA: privacy-preserving aggregation of multi-domain network events and statistics
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Accuracy improving guidelines for network anomaly detection systems
Journal in Computer Virology
Intrusion detection using continuous time Bayesian networks
Journal of Artificial Intelligence Research
Summary-invisible networking: techniques and defenses
ISC'10 Proceedings of the 13th international conference on Information security
Joint network-host based malware detection using information-theoretic tools
Journal in Computer Virology
The flexlab approach to realistic evaluation of networked systems
NSDI'07 Proceedings of the 4th USENIX conference on Networked systems design & implementation
A Hough-transform-based anomaly detector with an adaptive time interval
Proceedings of the 2011 ACM Symposium on Applied Computing
On detecting active worms with varying scan rate
Computer Communications
Machine learning approach for IP-flow record anomaly detection
NETWORKING'11 Proceedings of the 10th international IFIP TC 6 conference on Networking - Volume Part I
UNADA: unsupervised network anomaly detection using sub-space outliers ranking
NETWORKING'11 Proceedings of the 10th international IFIP TC 6 conference on Networking - Volume Part I
TVi: a visual querying system for network monitoring and anomaly detection
Proceedings of the 8th International Symposium on Visualization for Cyber Security
Anomaly localization for network data streams with graph joint sparse PCA
Proceedings of the 17th ACM SIGKDD international conference on Knowledge discovery and data mining
Accurate network anomaly classification with generalized entropy metrics
Computer Networks: The International Journal of Computer and Telecommunications Networking
Continuous distributed monitoring: a short survey
Proceedings of the First International Workshop on Algorithms and Models for Distributed Event Processing
P3CA: private anomaly detection across ISP networks
PETS'11 Proceedings of the 11th international conference on Privacy enhancing technologies
A Hough-transform-based anomaly detector with an adaptive time interval
ACM SIGAPP Applied Computing Review
Parametric methods for anomaly detection in aggregate traffic
IEEE/ACM Transactions on Networking (TON)
Privacy-preserving distributed network troubleshooting—bridging the gap between theory and practice
ACM Transactions on Information and System Security (TISSEC)
Anomaly detection in categorical datasets using bayesian networks
AICI'11 Proceedings of the Third international conference on Artificial intelligence and computational intelligence - Volume Part II
On detecting abrupt changes in network entropy time series
CMS'11 Proceedings of the 12th IFIP TC 6/TC 11 international conference on Communications and multimedia security
Wiki-Watchdog: Anomaly Detection in Wikipedia Through a Distributional Lens
WI-IAT '11 Proceedings of the 2011 IEEE/WIC/ACM International Conferences on Web Intelligence and Intelligent Agent Technology - Volume 01
Towards a universal sketch for origin-destination network measurements
NPC'11 Proceedings of the 8th IFIP international conference on Network and parallel computing
Hardware Precomputation of Entropy for Anomaly Detection
Proceedings of the 2011 ACM/IEEE Seventh Symposium on Architectures for Networking and Communications Systems
Rapid detection of maintenance induced changes in service performance
Proceedings of the Seventh COnference on emerging Networking EXperiments and Technologies
High-speed intrusion detection in support of critical infrastructure protection
CRITIS'06 Proceedings of the First international conference on Critical Information Infrastructures Security
Combining wavelet analysis and information theory for network anomaly detection
Proceedings of the 4th International Symposium on Applied Sciences in Biomedical and Communication Technologies
Combining cross-correlation and fuzzy classification to detect distributed denial-of-service attacks
ICCS'06 Proceedings of the 6th international conference on Computational Science - Volume Part IV
Collaborative anomaly-based detection of large-scale internet attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking
Streams, security and scalability
DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
Proceedings of the 7th International Conference on Network and Services Management
Towards an information-theoretic framework for analyzing intrusion detection systems
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
0day anomaly detection made possible thanks to machine learning
WWIC'10 Proceedings of the 8th international conference on Wired/Wireless Internet Communications
Improved anomaly detection using block-matching denoising
Computer Communications
Unsupervised Network Intrusion Detection Systems: Detecting the Unknown without Knowledge
Computer Communications
Entropy based discriminators for p2p teletraffic characterization
ICONIP'11 Proceedings of the 18th international conference on Neural Information Processing - Volume Part II
Revisiting traffic anomaly detection using software defined networking
RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
Detection accuracy of network anomalies using sampled flow statistics
International Journal of Network Management
Towards efficient flow sampling technique for anomaly detection
TMA'12 Proceedings of the 4th international conference on Traffic Monitoring and Analysis
International Journal of Sensor Networks
DDoS flooding attack detection scheme based on F-divergence
Computer Communications
Detecting anomalies in netflow record time series by using a kernel function
AIMS'12 Proceedings of the 6th IFIP WG 6.6 international autonomous infrastructure, management, and security conference on Dependable Networks and Services
Automatic network intrusion detection: Current techniques and open issues
Computers and Electrical Engineering
Flooding attacks detection in backbone traffic using power divergence
Proceedings of the 7th ACM workshop on Performance monitoring and measurement of heterogeneous wireless and wired networks
Distributed denial-of-service attack detection scheme-based joint-entropy
Security and Communication Networks
RasterZip: compressing network monitoring data with support for partial decompression
Proceedings of the 2012 ACM conference on Internet measurement conference
Improving an SVD-based combination strategy of anomaly detectors for traffic labelling
Proceedings of the Asian Internet Engineering Conference
Anomaly extraction in backbone networks using association rules
IEEE/ACM Transactions on Networking (TON)
Resilience strategies for networked malware detection and remediation
NSS'12 Proceedings of the 6th international conference on Network and System Security
Dual-Level Attack Detection, Characterization and Response for Networks Under DDoS Attacks
International Journal of Mobile Computing and Multimedia Communications
ADMIRE: Anomaly detection method using entropy-based PCA with three-step sketches
Computer Communications
Review: A survey of network flow applications
Journal of Network and Computer Applications
Automated Anomaly Detector Adaptation using Adaptive Threshold Tuning
ACM Transactions on Information and System Security (TISSEC)
Review Article: RePIDS: A multi tier Real-time Payload-based Intrusion Detection System
Computer Networks: The International Journal of Computer and Telecommunications Networking
Characterizing per-application network traffic using entropy
ACM Transactions on Modeling and Computer Simulation (TOMACS)
Computer Networks: The International Journal of Computer and Telecommunications Networking
The Journal of Supercomputing
STONE: a stream-based DDoS defense framework
Proceedings of the 28th Annual ACM Symposium on Applied Computing
Detection and classification of peer-to-peer traffic: A survey
ACM Computing Surveys (CSUR)
The continuous distributed monitoring model
ACM SIGMOD Record
K-sparse approximation for traffic histogram dimensionality reduction
Proceedings of the 8th International Conference on Network and Service Management
Locating emergencies in a campus using wi-fi access point association data
Proceedings of the 2013 ACM conference on Pervasive and ubiquitous computing adjunct publication
ACTIDS: an active strategy for detecting and localizing network attacks
Proceedings of the 2013 ACM workshop on Artificial intelligence and security
An information-theoretical approach to high-speed flow nature identification
IEEE/ACM Transactions on Networking (TON)
IEEE/ACM Transactions on Networking (TON)
An adaptive flow counting method for anomaly detection in SDN
Proceedings of the ninth ACM conference on Emerging networking experiments and technologies
Dynamic entropy based DoS attack detection method
Computers and Electrical Engineering
Detecting denial of service by modelling web-server behaviour
Computers and Electrical Engineering
Computer Networks: The International Journal of Computer and Telecommunications Networking
A methodological overview on anomaly detection
DataTraffic Monitoring and Analysis
Distribution-Based anomaly detection in network traffic
DataTraffic Monitoring and Analysis
A modular multi-location anonymized traffic monitoring tool for a WiFi network
Proceedings of the 4th ACM conference on Data and application security and privacy
Information Sciences: an International Journal
Review: A review of novelty detection
Signal Processing
Computer Networks: The International Journal of Computer and Telecommunications Networking
Real-time analysis and management of big time-series data
IBM Journal of Research and Development
The increasing practicality of large-scale flow capture makes it possible to conceive of traffic analysis methods that detect and identify a large and diverse set of anomalies. However, the challenge of effectively analyzing this massive data source for anomaly diagnosis is as yet unmet. We argue that the distributions of packet features (IP addresses and ports) observed in flow traces reveal both the presence and the structure of a wide range of anomalies. Using entropy as a summarization tool, we show that the analysis of feature distributions leads to significant advances on two fronts: (1) it enables highly sensitive detection of a wide range of anomalies, augmenting detections by volume-based methods, and (2) it enables automatic classification of anomalies via unsupervised learning. We show that, using feature distributions, anomalies naturally fall into distinct and meaningful clusters. These clusters can be used to automatically classify anomalies and to uncover new anomaly types. We validate our claims on data from two backbone networks (Abilene and Geant) and conclude that feature distributions show promise as a key element of a fairly general network anomaly diagnosis framework.