We develop a behavior-based anomaly detection method that detects network anomalies by comparing the current network traffic against a baseline distribution. The Maximum Entropy technique provides a flexible and fast approach to estimating the baseline distribution, and it also gives the network administrator a multi-dimensional view of the network traffic. By computing a measure related to the relative entropy of the network traffic under observation with respect to the baseline distribution, we are able to distinguish anomalies that change the traffic either abruptly or slowly. In addition, our method provides information revealing the type of the anomaly detected. It requires constant memory and a computation time proportional to the traffic rate.
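As an added illustration of the approach the abstract describes (example code written here, not the paper's own implementation): packets are bucketed into classes, each observation window's class distribution is compared with a baseline, and a class whose relative-entropy term stays high is reported, which also names the kind of anomaly. It assumes a smoothed empirical baseline in place of the paper's Maximum Entropy estimate, a constructed packet trace, and hypothetical threshold and window parameters.

```python
import math
from collections import Counter, deque

# Constructed sample traffic (not real captures): packets are (protocol, dst_port);
# TRAINING is the baseline period, WINDOWS are successive observation windows.
TRAINING = [("tcp", 80)] * 600 + [("tcp", 443)] * 300 + [("udp", 53)] * 90 + [("tcp", 22)] * 10
WINDOWS = [
    [("tcp", 80)] * 580 + [("tcp", 443)] * 310 + [("udp", 53)] * 100 + [("tcp", 22)] * 10,  # normal
    [("tcp", 80)] * 600 + [("tcp", 443)] * 300 + [("udp", 53)] * 90 + [("tcp", 22)] * 10,   # normal
    [("tcp", 80)] * 300 + [("tcp", 443)] * 200 + [("udp", 53)] * 50 + [("tcp", 22)] * 450,  # port-22 surge
]

def packet_class(pkt):
    """Feature used to bucket packets: protocol plus destination port."""
    proto, port = pkt
    return f"{proto}:{port}"

def estimate_baseline(packets, alpha=1.0):
    """Smoothed empirical class distribution; stands in for the paper's
    Maximum Entropy baseline estimate (assumption made for this example)."""
    counts = Counter(packet_class(p) for p in packets)
    total = sum(counts.values()) + alpha * len(counts)
    return {c: (n + alpha) / total for c, n in counts.items()}

def divergence_per_class(window, baseline):
    """Per-class term p_i*log2(p_i/q_i) of D(P||Q); classes absent from the baseline get a floor q."""
    counts = Counter(packet_class(p) for p in window)
    total = sum(counts.values())
    floor = min(baseline.values()) / 10
    return {c: (n / total) * math.log2((n / total) / baseline.get(c, floor))
            for c, n in counts.items()}

class Detector:
    """Alerts on a class whose divergence term exceeds `threshold` in at least `h` of the
    last `w` windows. Memory is bounded by (number of classes) * w, independent of traffic
    volume. The threshold, w and h values are hypothetical."""
    def __init__(self, baseline, threshold=0.1, w=3, h=1):
        self.baseline, self.threshold, self.w, self.h = baseline, threshold, w, h
        self.history = {}  # class -> deque of booleans, length at most w
    def observe(self, window):
        alerts = []
        for c, d in divergence_per_class(window, self.baseline).items():
            hist = self.history.setdefault(c, deque(maxlen=self.w))
            hist.append(d > self.threshold)
            if sum(hist) >= self.h:
                alerts.append(c)
        return sorted(alerts)

def run(training=TRAINING, windows=WINDOWS):
    det = Detector(estimate_baseline(training))
    return [det.observe(w) for w in windows]  # sample -> [[], [], ['tcp:22']]
```

The alerted class name is what points the operator at the anomaly type (here a surge of traffic to port 22); classes that shrink produce negative terms and are not flagged by this rule.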