[1] http://www.symantec.com/.[2] Lakhina A, Crovella M, Diot C. Mining anomalies using trafficfeature distributions. In Proc. ACM SIGCOMM, Philadel-phia, USA, Aug. 22-26, 2005, pp.217-228.[3] Ahmed T, Coates M, Lakhina A. Multivariate online anomalydetection using kernel recursive least squares. In Proc.IEEE INFOCOM, Anchorage, Alaska, USA, May 6-12, 2007,pp.625-633.[4] Brauckhoff D, Salamatian K, May M. Applying PCA for traf-fic anomaly detection: Problems and solutions. In Proc. IN-FOCOM, Rio de Janeiro, Brazil, Apr. 19-25, 2009, pp.2866-2870.[5] Li X, Bian F, Crovella M, Diot C, Govindan R, Iannaccone G,Lakhina A. Detection and identification of network anomaliesusing sketch subspaces. In Proc. IMC, Rio de Janeiro, Brazil,Oct. 25-27, 2006, pp.147-152.[6] Liu Y, Zhang L, Guan Y. Sketch-based streaming PCA al-gorithm for network-wide traffic anomaly detection. In Proc.the 30th International Conference on Distributed ComputingSystems, Genova, Italy, Jun. 21-25, 2010, pp.807-816.[7] Rubinstein B I P, Nelson B, Huang L et al. Antidote: Un-derstanding and defending against poisoning of anomaly de-tectors. In Proc. the 9th Internet Measurement Conference,Chicago, USA, Nov. 4-6, 2009, pp.1-14.[8] Feinstein L, Schnackenberg D, Balupari R, Kindred D. Statis-tical approaches to DDos attack detection and response. InProc. DARPA Information Survivability Conference and Ex-position (DISCEX), Washington DC, USA, Apr. 22-24, 2003,pp.303-314.[9] Nychis G, Sekar V, Andersen D G, Kim H, Zhang H. An em-pirical evaluation of entropy-based traffic anomaly detection.In Proc. the 8th IMC, Vouliagmeni, Greece, Oct. 20-22, 2008,pp.151-156.[10] Vapnik V. The Nature of Statistical Learning Theory. NewYork: Springer, 1995.[11] Burges C J C. A tutorial on support vector machines forpattern recognition. Data Mining and Knowledge Discovery,1998, 2(2): 121-167.[12] Kim H, Claffy K, Fomenkov M et al. Internet traffic classi-fication demystified: Myths, caveats, and the best practices.In Proc. ACM CoNEXT, Madrid, Spain, Dec. 9-12, 2008,Article No.11.[13] Scholkopf B, Platt J C, Shawe-Taylor J C et al. Estimat-ing the support of a high-dimensional distribution. NeuralComputation, 2001, 13(7): 1443-1471.[14] Lin C H, Liu J C, Ho C H. Anomaly detection using LibSVMtraining tools. In Proc. International Conference on Infor-mation Security and Assurance, Busan, Korea, Apr. 24-26,2008, pp.166-171.[15] Keerthi S S, Lin C. Asymptotic behaviors of support vectormachines with Gaussian kernel. Neural Computation, 2003,15(7): 1667-1689.[16] Chang C C, Lin C J. LIBSVM: A library for support vectormachines, 2010, http://www.csie.ntu.edu.tw/?cjlin/libsvm/.[17] Jung J, Paxson V, Berger A, Balakrishnan H. Fast portscandetection using sequential hypothesis testing. In Proc. IEEESymposium on Security and Privacy, Berkeley, CA, USA,May 9-12, 2004, pp.211-225.[18] Li Z, Wang L, Chen Y, Fu Z. Network-based and attack-resilient length signature generation for zero-day polymorphicworms. In Proc. the 15th IEEE International Conference on Network Protocols (ICNP), Beijing, China, Oct. 16-19, 2007,pp.164-173.[19] Liu Z, Shu G, Li N, Lee D. Defending against instant mes-saging worms. In Proc. GLOBECOM, San Francisco, USA,Nov. 27-Dec. 1, 2006.[20] Zhong Z, Ramaswamy L, Li K. ALPACAS: A large-scaleprivacy-aware collaborative anti-spam system. In Proc. IEEEINFOCOM, Phoenix, USA, Apr. 13-18, 2008, pp.556-564.[21] Luo X, Chang R. On a new class of pulsing denial-of-serviceattacks and the defense. In Proc. Network and DistributedSystem Security Symposium, San Diego, California, USA,Feb. 2005.[22] Ning P, Liu A, Du W. Mitigating DoS attacks against broad-cast authentication in wireless sensor networks. ACM Trans-actions on Sensor Networks, 2008, 4(1): 1-31.[23] Jung J, Krishnamurthy B, Rabinovich M. Flash crowds anddenial of service attacks: Characterization and implicationsfor CDNs and Web sites. In Proc. the 11th WWW, Hon-olulu, Hawaii, USA, May 7-11, 2002, pp.293-304.[24] Krishnamurthy B, Sen S, Zhang Y, Chen Y. Sketch-basedchange detection: Methods, evaluation, and applications. InProc. the 3rd ACM IMC, Miami, Florida, USA, Oct. 27-29,2003, pp.234-247.[25] Won Y J, Choi M J, Hong J W K, Kim M S, Hwang H, Lee JH, Lee S G. Fault detection and diagnosis in IP-base missioncritical industrial process control networks. IEEE Communi-cations Magazine, 2008, 46(5): 172-180.[26] Barford P, Kline J, Plonka D, Ron A. A signal analysis of net-work traffic anomalies. In Proc. the 2nd ACM SIGCOMMInternet Measurement Workshop, Marseille, France, Nov. 6-8,2002, pp.71-82.[27] Brutlag J D. Aberrant behavior detection in time series fornetwork monitoring. In Proc. the 14th Systems Administra-tion Conference, New Orleans, Dec. 3-8, 2000, pp.139-146.[28] Zhang Y, Ge Z, Greenberg A, Roughan M. Network anomog-raphy. In Proc. the 5th ACM SIGCOMM Internet Mea-surement Conference, Berkeley, CA, USA, Oct. 19-21, 2005,pp.317-330.[29] Gu Y, McCallum A, Towsley D. Detecting anomalies in net-work traffic using maximum entropy estimation. In Proc. In-ternet Measurement Conference, Berkeley, CA, USA, Oct. 19-21, 2005, pp.45-50.[30] Wagner A, Plattner B. Entropy based worm and anomalydetection in fast IP networks. In Proc. the 14th IEEE In-ternational Workshops Enabling Technologies: InfrastructureCollaborative Enterprise, Washington DC, USA, June 13-15,2005, pp.172-177.[31] Ringberg H, Soule A, Rexford J. Webclass: Adding rigor tomanual labeling of traffic anomalies. SIGCOMM Comput.Commun. Rev., 2008, 38(1): 35-38.[32] Soule A, Larsen H, Silveira F, Rexford J, Diot C. Detectabilityof traffic anomalies in two adjacent networks. In Proc. the8th Int. Conf. Passive and Active Network Measurement,Louvain-la-neuve, Belgium, Apr. 5-6, 2007, pp.22-31.[33] Brauckhoff D, Tellenbach B, Wagner A, May M, Lakhina A.Impact of packet sampling on anomaly detection metrics. InProc. the 6th ACM SIGCOMM Conference on Internet Mea-surement, ACM Press, Oct. 25-27, 2006, pp.159-164.[34] Scherrer A, Larrieu N, Owezarski P, Borgnat P, Abry P. Non-Gaussian and long memory statistical characterizations forInternet traffic with anomalies. IEEE/ACM Trans. Depend-able and Secure Computing, 2007, 4(1): 56-70.[35] Kind A, Stoecklin M P, Dimitropoulos X. Histogram-basedtraffic anomaly detection. IEEE Transactions on Networkand Service Management, 2009, 6(2): 110-121.[36] Silveira F, Diot C, Taft N, Govindan R. Astute: Detectinga different class of traffic anomalies. In Proc. SIGCOMM,New-Delhi, India, Aug. 30-Sept. 3, 2010, pp.267-278.[37] Lakhina A, Crovella M, Diot C. Diagnosing network-wide traf-fic anomalies. In Proc. SIGCOMM, Portland, OR, USA,Aug. 30-Sept. 3, 2004, pp.219-230.[38] Ringberg H, Soule A, Rexford J, Diot C. Sensitivity of PCAfor traffic anomaly detection. In Proc. ACM SIGMETRICSInternational Conf. Measurement and Modeling of ComputerSystems, San Diego, CA, Jun. 12-16, 2007, pp.109-120.[39] Ma J, Perkins S. Online novelty detection on temporal se-quences. In Proc. the 9th ACM SIGKDD International Con-ference on Knowledge Discovery and Data Mining, Washing-ton DC, USA, Aug. 24-27, 2003, pp.613-618.[40] Li K, Teng G. Unsupervised SVM based on p-kernels foranomaly detection. In Proc. Innovative Computing, Infor-mation and Control, Beijing, China, Aug. 30-Sept. 1, 2006,pp.59-62.[41] Brauckhoff D, Dimitropoulos X, Wagner A, Salamatian K.Anomaly extraction in backbone networks using associationrules. In Proc. the 9th IMC, Chicago, Illinois, USA, Nov. 4-6,2009, pp.28-34.[42] Paredes-Oliva I, Dimitropoulos X, Molina M, Barlet-Ros P,Brauckhoff D. Automating root-cause analysis of networkanomalies using frequent itemset mining. In Proc. SIG-COMM (Poster), New Delhi, India, Aug. 30-Sep. 3, 2010,pp.467-468.[43] Silveira F, Diot C. URCA: Pulling out anomalies by theirroot causes. In Proc. the 29th INFOCOM, San Diego, USA,Mar. 14-19, 2010, pp.722-730. |