Behavioural characterization for network anomaly detection

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5430 LNCS, Issue , 2009, Pages 23-40

  Roche, Victor P ^a   Arronategui, Unai ^a  

^a UNIVERSITY OF ZARAGOZA   (Spain)

Author keywords

[No Author keywords available]

Indexed keywords

CORPORATE NETWORKS; EXPERIMENTAL TEST; NETFLOW; NETWORK ANOMALY DETECTION; NETWORK EDGES; SUBNETS; WORM ATTACK;

EID: 67650289599     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-01004-0_2     Document Type: Conference Paper

References (27)

1. Caida: Cooperative association for internet data analysis, http://www.caida.org
2. Flow-tools: Tool set for working with netflow data, http://www. splintered.net/sw/flow-tools
3. Barford, P., Kline, J., Plonka, D., Ron, A.: A signal analysis of network traffic anomalies. In: ACM SIGCOMM Internet Measurement Workshop (2002)
4. Brauckhoff, D., Fiedler, U., Plattner, B.: Towards systematically evaluating flowlevel anomaly detection mechanisms. In: Workshop on Monitoring, Attack Detection and Mitigation (MonAM 2006), T̈ubingen, Germany (September 2006)
5. Brauckhoff, D., May, M., Plattner, B.: Flow-level anomaly detection - blessing or curse? In: IEEE INFOCOM 2007, Student Workshop, Anchorage, Alaska, USA (May 2007)
6. Brauckhoff, D., Wagner, A., May, M.: Flame: A flow-level anomaly modeling engine. In: Proceedings of CSET 2008 workshop, Usenix, San Jose, CA, USA (July 2008)
7. Düubendorfer, T., Plattner, B.: Host behaviour based early detection of worm outbreaks in internet backbones. In: WETICE - Security Technologies (STCA) Workshop (2005)
8. Düubendorfer, T., Wagner, A., Hossmann, T., Plattner, B.: Flow-level traffic analysis of the blaster and sobig worm outbreaks in an internet backbone. In: Julisch, K., Krügel, C. (eds.) DIMVA 2005. LNCS, vol.3548, pp. 103-122. Springer, Heidelberg (2005)
9. Ellis, D.R., Aiken, J.G., Attwood, K.S., Tenaglia, S.D.: A behavioral approach to worm detection. In: ACM Workshop on Rapid MalcoDe WORM (2005) (Pubitemid 40371959)
10. Erman, J., Arlitt, M., Mahanti, A.: Traffic classification using clustering algorithms. In: MineNet 2006: Proceedings of the 2006 SIGCOMM workshop on Mining network data, pp. 281-286. ACM, New York (2006) (Pubitemid 46740690)
11. Ertoz, L., Eilertson, E., Lazarevic, A., Tan, P.-N., Dokas, P., Kumar, V., Srivastava, J.: Minds,detection of novel network attacks using data mining. In: ICDM Workshop on Data Mining for Computer Security (DMSEC) (2003)
12. Gates, C., Becknel, D.: Host anomalies from network data. In: IEEE SMC Information Assurance Workshop (2005) (Pubitemid 43948740)
13. Gu, R., Hong,M.,Wang, H., Ji, Y.: Fast traffic classification in high speed networks. In: Ma, Y., Choi, D., Ata, S. (eds.) APNOMS 2008. LNCS, vol.5297, pp. 429-432. Springer, Heidelberg (2008)
14. S. Institute. Internet storm center, http://isc.sans.org/, http://www.dshield.org/
15. Karagiannis, T., Papagiannaki, K., Faloutsos, M.: Blinc: Multilevel traffic classification in the dark. In: Proceedings of ACM SIGCOMM, pp. 229-240 (2005) (Pubitemid 46323507)
16. Lakhina, A., Crovella, M., Diot, C.: Mining anomalies using traffic feature distributions. SIGCOMM Comput. Commun. Rev. 35(4), 217-228 (2005) (Pubitemid 46323506)
17. Ma, J., Voelker, G.M., Savage, S.: Self-stopping worms. In: ACM Workshop on Rapid MalcoDe WORM (2005) (Pubitemid 43183506)
18. Moore, D., Shannon, C., Voelker, G.M., Savage, S.: Internet quarantine: Requirements for containing self-propagating code. In: INFOCOM (2003)
19. M̈unz, G., Carle, G.: Real-time analysis of flow data for network attack detection. In: Proceedings of IFIP/IEEE Symposium on Integrated Management (IM2007), Munich, Germany (May 2007) (Pubitemid 47485163)
20. Nickless, B., Navarro, J., Winkler, L.: Combining cisco netflow exports with relational database technology for usage statistics, intrusion detection, and network forensics. In: Proceedings of the Fourteenth Systems Administration Conference (LISA 2000), Berkeley, CA, December 3-8 2000, pp. 285-290. The USENIX Association (2000)
21. Noh, S., Lee, C., Ryu, K., Choi, K., Jung, G.: Detecting worm propagation using traffic concentration analysis and inductive learning. In: Yang, Z.R., Yin, H., Everson, R.M. (eds.) IDEAL 2004. LNCS, vol.3177, pp. 402-408. Springer, Heidelberg (2004) (Pubitemid 39174145)
22. Park, B., Won, Y.J., Choi, M.-J., Kim, M.-S., Hong, J.W.: Empirical analysis of application-level traffic classification using supervised machine learning. In: Ma, Y., Choi, D., Ata, S. (eds.) APNOMS 2008. LNCS, vol.5297, pp. 474-477. Springer, Heidelberg (2008)
23. Plattner, B., Wagner, A., Düubendorfer, T.: In search of a vaccine against distributed denial of service attacks (ddosvax) (2003)
24. Project, T.H.: The honeynet project & research alliance: Know your enemy: Tracking botnets. Technical report (March 13, 2004)
25. Singh, S., Estan, C., Varghese, G., Savage, S.: The earlybird system for real-time detection of unknown worms. In: ACM - Workshop on Hot Topics in Networks (HOTNETS) (2003)
26. Staniford, S., Paxson, V., Weaver, N.: How to 0wn the internet in your spare time (May 14, 2002)
27. Wagner, A., Plattner, B.: Entropy based worm and anomaly detection in fast ip networks. In: WETICE - Security Technologies (STCA) Workshop (2005)