Rule-based anomaly detection on IP flows

Proceedings - IEEE INFOCOM

Volumn , Issue , 2009, Pages 424-432

  Duffield, Nick ^a   Haffner, Patrick ^a   Krishnamurthy, Balachander ^a   Ringberg, Haakon ^b  

^a AT AND T LABS RESEARCH   (United States)

^b Princeton University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ANOMALY DETECTION; APPLICATION AREA; FEATURE VECTORS; FLOW LEVEL; FLOW STATISTICS; HIGH-SPEED; IP FLOW; MACHINE-LEARNING; NETWORK APPLICATIONS; NETWORK LOCATION; PACKET CLASSIFICATION; PACKET LEVEL; PACKET-BASED; PAYLOAD INFORMATION; PREDICTION ACCURACY; PROOF OF CONCEPT; RULE BASED; SERVICE PROVIDER NETWORKS; SYSTEM ARCHITECTURES; TRAFFIC ANOMALIES;

INTERNET SERVICE PROVIDERS;

NETWORK SECURITY;

EID: 70349687064     PISSN: 0743166X     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/INFCOM.2009.5061947     Document Type: Conference Paper

References (19)

1. D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver, "Inside the slammer worm," IEEE Security and Privacy, vol. 1, no. 4, pp. 33-39, 2003.
2. "Snort," http://www.snort.org.
3. "Cisco netflow. http://www.cisco.com/warp/public/732/netflow/."
4. H. Madhyastha and B. Krishnamurthy, "A generic language for application-specific flow sampling," Computer Communication Review, April 2008.
5. A. Lakhina, M. Crovella, and C. Diot, "Mining anomalies using traffic feature distributions," in SIGCOMM '05, 2005, pp. 217-228.
6. T. Shon and J. Moon, "A hybrid machine learning approach to network anomaly detection," Inf. Sci., vol. 177, no. 18, pp. 3799-3821, 2007.
7. T. Ahmed, B. Oreshkin, and M. J. Coates, "Machine learning approaches to network anomaly detection," in Proc. SysML, 2007.
8. A. Soule, K. Salamatian, and N. Taft, "Combining filtering and statistical methods for anomaly detection," in IMC '05, 2005, pp. 1-14.
9. Y. Zhang, Z. Ge, A. Greenberg, and M. Roughan, "Network anomography," in IMC '05. New York, NY, USA: ACM, 2005, pp. 1-14.
10. P. Barford, J. Kline, D. Plonka, and A. Ron, "A signal analysis of network traffic anomalies," in Internet Measurment Workshop, 2002.
11. L. Bernaille, R. Teixeira, and K. Salamatian, "Early application identification," in Conference on Future Networking Technologies, 2006.
12. J. Erman, A. Mahanti, M. F. Arlitt, I. Cohen, and C. L. Williamson, "Offline/realtime traffic classification using semi-supervised learning," Perform. Eval., vol. 64, no. 9-12, pp. 1194-1213, 2007.
13. A. Moore and D. Zuev, "Internet traffic classification using bayesian analysis," in Sigmetrics, 2005.
14. H. Jiang, A. W. Moore, Z. Ge, S. Jin, and J. Wang, "Lightweight application classification for network management," in Proceedings of the SIGCOMM Workshop on Internet Network Management, 2007.
15. V. N. Vapnik, Statistical Learning Theory. John Wiley & Sons, 1998.
16. R. E. Schapire and Y. Singer, "Improved boosting algorithms using confidence-rated predictions," Machine Learning, vol. 37, no. 3, pp. 297-336, 1999.
17. M. Dudik, S. Phillips, and R. E. Schapire, "Performance Guarantees for Regularized Maximum Entropy Density Estimation," in Proceedings of COLT'04. Banff, Canada: Springer Verlag, 2004.
18. N. Duffield, C. Lund, and M. Thorup, "Charging from sampled network usage," in 1st Internet Measurement Workshop, 2001, pp. 245-256.
19. V. Paxson, "Bro: A System for Detecting Network Intruders in Real-Time," Computer Networks, vol. 31, pp. 2435-2463, Dec. 1999.