|
[1] L. A. Gordon, M. P. Loeb, W. Lucyshyn, and R. Richardson. 2004 CSI/FBI Computer Crime and Security Survey. Available at www.gocsi.com/forms/fbi/csi_f bi_survey.jhtml, 2004.
[2] L. Garber, "Denial-of-Service Attacks Rip the Internet," Computer, vol. 33, no. 4,pp. 12-17. Apr. 2000.
[3] J. Howard, "An Analysis of Security Incidents on the Internet," PhD thesis, Carnegie Mellon Univ., Aug 1998.
[4] D. Dittrich, “The ‘Stacheldraht’ Distributed Denial of Service Attack Tool”, http://staff.washington.edu/dittrich/ misc/stacheldraht.analysis, 1999.
[5] CERT, "TCP SYN Flooding and IP Spoofing Attacks," Advisory CA-96-21, Sept. 1996. URL:http://www.cert.org/advisories/CA-1996-21.html
[6] C. Schuba et al., "Analysis of a Denial of Service Attack on TCP," Proc. 1997 IEEE Symp. Security and Privacy, 1997.
[7] J. Jung, B. Krishnamurthy, M. Rabinovich. Flash Crowds and Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites. The Eleventh International World Wide Web Conference, Honolulu, Hawaii, May 2002.
[8] S. Gibson, "The Strange Tale of the Denial of Service Attacks against GRC.COM," http://grc.com/dos/grcdos.htm, 2002.
[9] CERT Research. 2004 Annual Report. At www.cert.org/archive/pdf/cert_rsrch_ann ual_rpt_2004.pdf
[10] B. A. Forouzan. TCP/IP Protocol Suite, Second Edition. McGraw Hill, 2003.
[11] E. T. Jaynes, “Information theory and statistical mechanics,” Phys. Rev., vol. 106, pp. 620–630, 1957.
[12] G. J. Chaitin, “Information-theoretic Limitations of Formal Systems,” J . ACM 21,403 (1974).
[13] G. Markowsky: Introduction to algorithmic information theory. J. Universal Computer Science 2(5): pp. 245-269, 1996.
[14] C.E. Shannon, and W. Weaver, The Mathematical Theory of Communication, University of Illinois Press, 1963.
[15] L. Feinstein, D. Schnackenberg, R. Balupari, and D. Kindred, “Statistical Approaches to DDoS Attack Detection and Response,” to appear in Proc. of DISCEX III, April 2003.
[16] D. W. Aha, D. Kibler, and M. k. Alber, "Instance-based learning," Artificial Intelligence, vo1. 29, pp. 241-288, 1986.
[17] J. Han and M. Kamber, Data Mining:Concepts and Techniques. San Diego: Academic Press, 2001.
[18] T.M. Cover and P.E. Hart, “Nearest Neighbor Pattern Classification,” IEEE Trans. Information Theory, vol. 13, pp. 21-27, Jan. 1968.
[19] F. Aurenhammer. Voronoi diagrams: a survey of a fundamental geometric data structure. ACM Comput. Surv., 23:345–405, 1991.
[20] S. Jin, D. Yeung, ”A covariance analysis model for DDoS attack detection,” IEEE International Conference on Communications (ICC’2004), Paris, France, 20-24 June 2004.
[21] D. C. Montgomery, Introduction to Statistical Quality Control: John Wiley and Sons, 1997.
[22] D. Marchette, "A Statistical Method for Profiling Network Traffic," the 1st USENIX Workshop on Intrusion Detection and Network Monitoring, Apr. 1999
[23] T. P. Ryan, Statistical Methods for Quality Improvement: JohnWiley and Sons, 1989.
[24] J. F. MacGregor and T. J. Harris, “The exponentially weighted moving variance,” J. Qual. Technol., vol. 25, no. 1, pp. 106–118, 1993.
[25] J. S. Hunter, “The exponentially weighted moving average,” J. Qual. Technol., vol. 18, pp. 203–209, 1986.
[26] S. W. Roberts, “Control chart tests based on geometric moving averages, ”Technometrics, vol. 1, pp. 239–251, 1959.
[27] T. P. Ryan, Statistical Methods for Quality Improvement: JohnWiley and Sons, 1989.
[28] B. A. Forouzan. TCP/IP Protocol Suite, Second Edition. McGraw Hill, 2003.
[29] I. Yoo, "Protocol anomaly detection and verification," Information Assurance Workshop, 2004. Proceedings from the Fifth Annual IEEE SMC, pp. 74-81. June 2004.
[30] C. Manikopoulos, S. Papavassiliou. Network Intrusion and Fault Detection: A Statistical Anomaly Approach. IEEE Communications Magazine, October 2002.
|