|
[1] A. Lakhina, M. Crovella, and C. Diot. Diagnosing network-wide traffic anomalies. In ACM SIGCOMM Computer Communication Review, volume 34, page 219–230, 2004. [2] A. Wagner and B. Plattner. Entropy based worm and anomaly detection in fast IP networks. 2005. [3] A. Lakhina, M. Crovella, and C. Diot. Mining anomalies using traffic feature distributions. In Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications, page 217–228, 2005. [4] K. Fukuda, T. Hirotsu, O. Akashi, and T. Sugawara. A pca analysis of daily unwanted traffic. In 2010 24th IEEE International Conference on Advanced Information Networking and Applications, page 377–384, 2010. [5] G. Nychis, V. Sekar, D.G. Andersen, H. Kim, and H. Zhang. An empirical evaluation of entropybased traffic anomaly detection. In Proceedings of the 8th ACM SIGCOMM conference on Internet measurement, page 151–156, 2008. [6] Q. Quan, C. Hong-Yi, and Z. Rui. Entropy based method for network anomaly detection. In 2009 15th IEEE Pacific Rim International Symposium on Dependable Computing, page 189–191, 2009. [7] D. Brauckhoff, K. Salamatian, and M. May. Applying PCA for traffic anomaly detection: Problems and solutions. In INFOCOM 2009, IEEE, page 2866–2870, 2009. [8] C. Callegari, L. Gazzarrini, S. Giordano, M. Pagano, and T. Pepe. A novel multi timescales pca-based anomaly detection system. In Performance Evaluation of Computer and Telecommunication Systems (SPECTS), 2010 International Symposium on, page 156–162, 2010. [9] C. Issariyapat and K. Fukuda. Anomaly detection in IP networks with principal component analysis. In Communications and Information Technology, 2009. ISCIT 2009. 9th International Symposium on, page 1229–1234, 2009. [10] P. Barford, J. Kline, D. Plonka, and A. Ron. A signal analysis of network traffic anomalies. In Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment, page 71–82, 2002. [11] X. Li, F. Bian, M. Crovella, C. Diot, R. Govindan, G. Iannaccone, and A. Lakhina. Detection and identification of network anomalies using sketch subspaces. In Proceedings of the 6th ACM SIGCOMM conference on Internet measurement, page 147–152, 2006. [12] Y. Liu, L. Zhang, and Y. Guan. Sketch-based streaming PCA algorithm for network-wide traffic anomaly detection. In 2010 International Conference on Distributed Computing Systems, page 807–816, 2010. [13] J. Mai, C.N. Chuah, A. Sridharan, T. Ye, and H. Zang. Is sampled data sufficient for anomaly detection? In Proceedings of the 6th ACM SIGCOMM conference on Internet measurement, page 165–176, 2006. [14] J. Shlens. A tutorial on principal component analysis. Systems Neurobiology Laboratory, University of California at San Diego, 2005. [15] L. Zheng, P. Zou, Y. Jia, and W. Han. Traffic anomaly detection and containment using filter-ary-sketch. Procedia Engineering, 29:4297–4306, 2012. [16] H. Ringberg, A. Soule, J. Rexford, and C. Diot. Sensitivity of PCA for traffic anomaly detection. ACM SIGMETRICS Performance Evaluation Review, 35(1):109–120, 2007. [17] IT Jolliffe. Discarding variables in a principal component analysis. i: Artificial data. Applied statistics, page 160–173, 1972. [18] A. Lall, V. Sekar, M. Ogihara, J. Xu, and H. Zhang. Data streaming algorithms for estimating entropy of network traffic. ACM SIGMETRICS Performance Evaluation Review, 34(1):145–156, 2006. [19] C. Estan and G. Varghese. New directions in traffic measurement and accounting. In ACM SIGCOMM Computer Communication Review, volume 32, page 323–336, 2002. [20] G. Shen, J. Zhu, and Z. Qin. A hybrid algorithm for accurate stream entropy estimation. In Wireless Communications, Networking and Mobile Computing, 2007. WiCom 2007. International Conference on, page 2302–2305, 2007. [21] G. Cormode and M. Hadjieleftheriou. Finding frequent items in data streams. Proceedings of the VLDB Endowment, 1(2):1530–1541, 2008. [22] G. Cormode and S. Muthukrishnan. An improved data stream summary: the count-min sketch and its applications. Journal of Algorithms, 55(1):58–75, 2005. [23] MAWI working group traffic archive. http://mawi.wide.ad.jp/mawi/. [24] CAIDA witty worm. http://www.caida.org/research/security/witty/. [25] MS-SQL slammer traffic analysis. http://rbeverly.net/research/slammer/. [26] MIT lincoln laboratory: Communications &; information technology. http://www.ll.mit.edu/mission/communications/ist/index.html. [27] MAWI trace "200302270030.dump". http://mawi.wide.ad.jp/mawi/samplepointB/20030227/200302270030.html. [28] MAWI trace "200302270200.dump". http://mawi.wide.ad.jp/mawi/samplepointB/20030227/200302270200.html. [29] Passive monitor: equinix-sanjose. http://www.caida.org/data/monitors/passiveequinix-sanjose.xml. [30] N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexford, S. Shenker, and J. Turner. OpenFlow: enabling innovation in campus networks. ACM SIGCOMM Computer Communication Review, 38(2):69–74, 2008.
|