메뉴 건너뛰기




Volumn , Issue , 2012, Pages 76-84

Decoupling non-stationary and stationary components in long range network time series in the context of anomaly detection

Author keywords

Anomaly detection; Monitoring and forecasting; Network traffic characterisation; Stochastic modeling; Time series models

Indexed keywords

AGGREGATED TRAFFICS; ANOMALY DETECTION; AR MODELS; BACK-BONE NETWORK; BETTER PERFORMANCE; COARSE-GRAINED; COMPARATIVE STUDIES; DENIAL OF SERVICE ATTACKS; DETECTION ACCURACY; DETECTION DELAYS; DETECTION RATES; EDGE NETWORKS; FALSE ALARMS; FALSE POSITIVE; FLOW LEVEL; LONG RANGE; LOW-INTENSITY; MODEL PARAMETERS; NETWORK TRAFFIC; NONPARAMETRIC APPROACHES; NONSTATIONARY; PARAMETRIC APPROACH; PRACTICAL IMPLEMENTATION; SAMPLING INTERVAL; SELF-SIMILAR; STATIONARITY; STATIONARY COMPONENTS; STATISTICAL CHARACTERISTICS; STRUCTURAL BREAK; TCP SYN FLOOD; TIME SERIES CHARACTERISTIC; TIME SERIES MODELS; TIME-PERIODS; TRACE DRIVEN SIMULATION; TRAFFIC TRACES;

EID: 84874309665     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/LCN.2012.6423689     Document Type: Conference Paper
Times cited : (4)

References (47)
  • 1
    • 8344250617 scopus 로고    scopus 로고
    • Experience in measuring internet backbone traffic variability: Models, metrics, measurements and meaning
    • M. Roughan, A. Greenberg, C. R. Kalmanek, M. P. Rumsewicz, J. Yates, and Y. Zhang, "Experience in measuring internet backbone traffic variability: Models, metrics, measurements and meaning," in ITC, 2003, pp. 379-388.
    • (2003) ITC , pp. 379-388
    • Roughan, M.1    Greenberg, A.2    Kalmanek, C.R.3    Rumsewicz, M.P.4    Yates, J.5    Zhang, Y.6
  • 3
    • 84856189296 scopus 로고    scopus 로고
    • Flooding attacks detection in traffic of backbone networks
    • O. Salem, A. Makke, J. Tajer, and A. Mehaoua, "Flooding Attacks Detection in Traffic of Backbone Networks," in LCN, 2011, pp. 441-449.
    • (2011) LCN , pp. 441-449
    • Salem, O.1    Makke, A.2    Tajer, J.3    Mehaoua, A.4
  • 4
    • 34250222076 scopus 로고    scopus 로고
    • Traffic predictability based on ARIMA/GARCH model
    • B. Zhou, D. He, and Z. Sun, "Traffic predictability based on ARIMA/GARCH model," in NGI, 2006, pp. 200-207.
    • (2006) NGI , pp. 200-207
    • Zhou, B.1    He, D.2    Sun, Z.3
  • 5
    • 84856189371 scopus 로고    scopus 로고
    • Entropy based SYN flooding detection
    • L. Arshadi and A. H. Jahangir, "Entropy based SYN flooding detection," in LCN, 2011, pp. 139-142.
    • (2011) LCN , pp. 139-142
    • Arshadi, L.1    Jahangir, A.H.2
  • 7
    • 0036375286 scopus 로고    scopus 로고
    • SYN-dog: Sniffing SYN flooding sources
    • H. Wang, D. Zhang, and K. Shin, "SYN-dog: Sniffing SYN flooding sources," in ICDCS, 2002, pp. 421-428.
    • (2002) ICDCS , pp. 421-428
    • Wang, H.1    Zhang, D.2    Shin, K.3
  • 8
    • 33645755861 scopus 로고    scopus 로고
    • Detecting DDOS attacks against web server using time series analysis
    • W. U. Qing-tao and S. Zhi-qing, "Detecting DDOS attacks against web server using time series analysis," Wuhan Univesity Journal of Natural Sciences, vol. 11, no. 1, pp. 175-180, 2006.
    • (2006) Wuhan Univesity Journal of Natural Sciences , vol.11 , Issue.1 , pp. 175-180
    • Qing-Tao, W.U.1    Zhi-Qing, S.2
  • 9
    • 46449120180 scopus 로고    scopus 로고
    • Detection of SYN flooding attacks using linear prediction analysis
    • D. M. Divakaran, H. A. Murthy, and T. A. Gonsalves, "Detection of SYN flooding attacks using linear prediction analysis," in ICON, 2006, pp. 1-6.
    • (2006) ICON , pp. 1-6
    • Divakaran, D.M.1    Murthy, H.A.2    Gonsalves, T.A.3
  • 10
    • 70450260664 scopus 로고    scopus 로고
    • A prediction-based detection algorithm against distributed denial-of-service attacks
    • June
    • G. Zhang, S. Jiang, G. Wei, and Q. Guan, "A prediction-based detection algorithm against distributed denial-of-service attacks," in IWCMC, June 2009, pp. 106-110.
    • (2009) IWCMC , pp. 106-110
    • Zhang, G.1    Jiang, S.2    Wei, G.3    Guan, Q.4
  • 11
    • 80052722024 scopus 로고    scopus 로고
    • Time series models and its relevance to modeling TCP SYN based DOS attacks
    • C. James and H. A. Murthy, "Time series models and its relevance to modeling TCP SYN based DOS attacks," in EURO-NGI, 2011, pp. 1-8.
    • (2011) EURO-NGI , pp. 1-8
    • James, C.1    Murthy, H.A.2
  • 12
    • 18144385431 scopus 로고    scopus 로고
    • Application of anomaly detection algorithms for detecting SYN flooding attacks
    • V. A. Siris and F. Papagalou, "Application of anomaly detection algorithms for detecting SYN flooding attacks," in GLOBECOM, 2004, pp. 2050-2054.
    • (2004) GLOBECOM , pp. 2050-2054
    • Siris, V.A.1    Papagalou, F.2
  • 13
    • 77955384577 scopus 로고    scopus 로고
    • Real-time detection of stealthy DDOS attacks using time-series decomposition
    • H. Liu and M. S. Kim, "Real-time detection of stealthy DDOS attacks using time-series decomposition," in ICC, 2010.
    • (2010) ICC
    • Liu, H.1    Kim, M.S.2
  • 14
    • 0037333205 scopus 로고    scopus 로고
    • Computer intrusion detection through EWMA for autocorrelated and uncorrelated data
    • March
    • N. Ye, S. Vilbert, and Q. Chen, "Computer intrusion detection through EWMA for autocorrelated and uncorrelated data," IEEE Transactions on Reliability, vol. 52, no. 1, pp. 75-82, March 2003.
    • (2003) IEEE Transactions on Reliability , vol.52 , Issue.1 , pp. 75-82
    • Ye, N.1    Vilbert, S.2    Chen, Q.3
  • 16
    • 33744524845 scopus 로고    scopus 로고
    • Low-rate TCP-Targeted denial of service attacks and counter strategies
    • Aug
    • A. Kuzmanovic and E. W. Knightly, "Low-rate TCP-Targeted denial of service attacks and counter strategies," IEEE/ACM Transactions on Networking, vol. 14, no. 4, pp. 683-696, Aug 2006.
    • (2006) IEEE/ACM Transactions on Networking , vol.14 , Issue.4 , pp. 683-696
    • Kuzmanovic, A.1    Knightly, E.W.2
  • 17
    • 25844458510 scopus 로고    scopus 로고
    • Reduction of quality (roq) attacks on internet end-systems
    • M. Guirguis, A. Bestavros, I. Matta, and Y. Zhang, "Reduction of Quality (RoQ) Attacks on Internet End-Systems," in INFOCOM, vol. 2, 2005, pp. 1362-1372.
    • (2005) INFOCOM , vol.2 , pp. 1362-1372
    • Guirguis, M.1    Bestavros, A.2    Matta, I.3    Zhang, Y.4
  • 19
    • 17744369470 scopus 로고    scopus 로고
    • Exploiting the transients of adaptation for RoQ attacks on Internet resources
    • M. Guirguis, A. Bestavros, and I. Matta, "Exploiting the transients of adaptation for RoQ attacks on Internet resources," in ICNP, 2004, pp. 184-195.
    • (2004) ICNP , pp. 184-195
    • Guirguis, M.1    Bestavros, A.2    Matta, I.3
  • 20
    • 0029323403 scopus 로고
    • Wide-Area traffic: The failure of Poisson modeling
    • June
    • V. Paxson and S. Floyd, "Wide-Area traffic: The failure of Poisson modeling," IEEE/ACM Transactions on Networking, vol. 3, no. 3, pp. 226-244, June 1995.
    • (1995) IEEE/ACM Transactions on Networking , vol.3 , Issue.3 , pp. 226-244
    • Paxson, V.1    Floyd, S.2
  • 21
    • 77949457636 scopus 로고    scopus 로고
    • A survey of anomaly detection methods in networks
    • W. Zhang, Q. Yang, and Y. Geng, "A Survey of Anomaly Detection Methods in Networks," in CNMT, 2009, pp. 1-3.
    • (2009) CNMT , pp. 1-3
    • Zhang, W.1    Yang, Q.2    Geng, Y.3
  • 22
    • 0033295259 scopus 로고    scopus 로고
    • Bro: A system for detecting network intruders in real-time
    • V. Paxson, "Bro: A system for detecting network intruders in real-time," Computer Networks, vol. 31, pp. 2435-2463, 1999.
    • (1999) Computer Networks , vol.31 , pp. 2435-2463
    • Paxson, V.1
  • 24
    • 81055138234 scopus 로고    scopus 로고
    • Avoiding DDoS with active management of backlog queues
    • M. Bellaiche and J. Gregoire, "Avoiding DDoS with active management of backlog queues," in NSS, 2011, pp. 310-315.
    • (2011) NSS , pp. 310-315
    • Bellaiche, M.1    Gregoire, J.2
  • 27
    • 36349029177 scopus 로고    scopus 로고
    • Sensitivity of PCA for traffic anomaly detection
    • H. Ringberg, A. Soule, J. Rexford, and C. Diot, "Sensitivity of PCA for traffic anomaly detection," in SIGMETRICS, 2007, pp. 109-120.
    • (2007) SIGMETRICS , pp. 109-120
    • Ringberg, H.1    Soule, A.2    Rexford, J.3    Diot, C.4
  • 28
    • 77956292830 scopus 로고    scopus 로고
    • Future internet architecture: Clean-slate versus evolutionary research
    • Sept
    • J. Rexford and C. Dovrolis, "Future internet architecture: clean-slate versus evolutionary research," Communications of the ACM, vol. 53, no. 9, pp. 36-40, Sept 2010.
    • (2010) Communications of the ACM , vol.53 , Issue.9 , pp. 36-40
    • Rexford, J.1    Dovrolis, C.2
  • 32
    • 84910792739 scopus 로고
    • Random level-shift time series models, ARIMA approximations, and level-shift detection
    • Jan
    • C. Chen and G. Tiao, "Random level-shift time series models, ARIMA approximations, and level-shift detection," Journal of Business and Economic Statistics, vol. 8, no. 1, pp. 83-97, Jan 1990.
    • (1990) Journal of Business and Economic Statistics , vol.8 , Issue.1 , pp. 83-97
    • Chen, C.1    Tiao, G.2
  • 34
    • 0022808786 scopus 로고
    • A computational approach to edge detection
    • J. Canny, "A computational approach to edge detection," IEEE Trans-actions on PAMI, vol. 8, no. 6, pp. 679-698, 1986.
    • (1986) IEEE Trans-actions on PAMI , vol.8 , Issue.6 , pp. 679-698
    • Canny, J.1
  • 36
    • 84892817928 scopus 로고    scopus 로고
    • Long range dependence in financial markets
    • R. Cont, "Long range dependence in financial markets," Fractals in Engineering, vol. 4, pp. 159-179, 2005.
    • (2005) Fractals in Engineering , vol.4 , pp. 159-179
    • Cont, R.1
  • 37
    • 0001790708 scopus 로고
    • Some properties of absolute return: An alternative measure of risk
    • C. Granger and Z. Ding, "Some properties of absolute return: An alternative measure of risk," Annals of Economics and Statistics, no. 40, pp. 67-91, 1995.
    • (1995) Annals of Economics and Statistics , Issue.40 , pp. 67-91
    • Granger, C.1    Ding, Z.2
  • 39
    • 0000051984 scopus 로고
    • Autoregressive conditional heteroscedasticity with estimates of the variance of United Kingdom inflation
    • July
    • R. F. Engle, "Autoregressive conditional heteroscedasticity with estimates of the variance of United Kingdom inflation," Econometrica, vol. 50, no. 4, pp. 987-1007, July 1982.
    • (1982) Econometrica , vol.50 , Issue.4 , pp. 987-1007
    • Engle, R.F.1
  • 40
    • 0033346158 scopus 로고    scopus 로고
    • On the distribution of round-trip delays in TCP/IP networks
    • T. Elteto and S. Molnar, "On the distribution of round-trip delays in TCP/IP networks," in LCN, 1999, pp. 172-181.
    • (1999) LCN , pp. 172-181
    • Elteto, T.1    Molnar, S.2
  • 42
    • 77956890381 scopus 로고
    • Fractional differencing
    • J. R. M. Hosking, "Fractional differencing," Biometrika, vol. 68, pp. 165-176, 1981.
    • (1981) Biometrika , vol.68 , pp. 165-176
    • Hosking, J.R.M.1
  • 43
    • 0034822359 scopus 로고    scopus 로고
    • The structural cause of file size distributions
    • A. Downey, "The structural cause of file size distributions," in MASCOT, 2001, pp. 361-370.
    • (2001) MASCOT , pp. 361-370
    • Downey, A.1
  • 44
    • 77952494019 scopus 로고    scopus 로고
    • Statistical analysis of network traffic inter-arrival
    • A. Bhattacharjee and S. Nandi, "Statistical analysis of network traffic inter-arrival," in ICACT, 2010, pp. 1052-1057.
    • (2010) ICACT , pp. 1052-1057
    • Bhattacharjee, A.1    Nandi, S.2
  • 45
    • 84874316230 scopus 로고    scopus 로고
    • Large-scale measurement and modeling of backbone internet traffic
    • M. Roughan and J. Gottlieb, "Large-scale measurement and modeling of backbone internet traffic," in SPIE ITCOM, 2002.
    • (2002) SPIE ITCOM
    • Roughan, M.1    Gottlieb, J.2
  • 46
    • 84874291649 scopus 로고    scopus 로고
    • last accessed on July
    • MAWI working group traffic archive, "http://mawi.wide.ad.jp/mawi/, " last accessed on July 2012.
    • (2012)
  • 47
    • 84874308130 scopus 로고    scopus 로고
    • last accessed on July
    • The Internet Traffic Archive, "http://ita.ee.lbl.gov/," last accessed on July 2012.
    • (2012)


* 이 정보는 Elsevier사의 SCOPUS DB에서 KISTI가 분석하여 추출한 것입니다.