Traffic anomaly diagnosis in Internet backbone networks: A survey

Computer Networks

Volumn 73, Issue , 2014, Pages 224-243

  Marnerides, A K ^a,c   Schaeffer Filho, A ^b   Mauthe, A ^a  

^a LANCASTER UNIVERSITY   (United Kingdom)

^b FEDERAL UNIVERSITY OF RIO GRANDE DO SUL   (Brazil)

^c LIVERPOOL JOHN MOORES UNIVERSITY   (United Kingdom)

Author keywords

Anomaly detection; Digital signal processing; Feature selection; Information theory; Internet traffic anomalies; Statistical methods

Indexed keywords

DIGITAL SIGNAL PROCESSING; FEATURE EXTRACTION; INFORMATION THEORY; STATISTICAL METHODS; SURVEYS;

ANOMALY DETECTION; ANOMALY DIAGNOSIS; INTERNET BACKBONE; INTERNET TRAFFIC; NETWORK ANOMALIES; NETWORK INFRASTRUCTURE; TRAFFIC ANOMALIES; TRAFFIC FLUCTUATIONS;

CRITICAL INFRASTRUCTURES;

EID: 84907567316     PISSN: 13891286     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.comnet.2014.08.007     Document Type: Short Survey

References (104)

1. S. Novakov, C.-H. Lung, I. Lambadaris, N. Seddigh, Studies in applying pca and wavelet algorithms for network traffic anomaly detection, in: 2013 IEEE 14th International Conference on High Performance Switching and Routing (HPSR), 2013, pp. 185-190. http://dx.doi.org/10.1109/HPSR.2013.6602310.
2. J. Wang, D. Rossell, C.G. Cassandras, I.C. Paschalidis, Network anomaly detection: a survey and comparative analysis of stochastic and deterministic methods, CoRR abs/1309.4844.
3. B. Tellenbach, M. Burkhart, D. Schatzmann, D. Gugelmann, and D. Sornette Accurate network anomaly classification with generalized entropy metrics Comput. Netw. 55 15 2011 3485 3502 10.1016/j.comnet.2011.07.008
4. A. Coluccia, A. D'alconzo, and F. Ricciato Distribution-based anomaly detection via generalized likelihood ratio test: a general maximum entropy approach Comput. Netw. 57 17 2013 3446 3462 http://dx.doi.org/10.1016/j.comnet.2013.07.028
5. T. Gamer Collaborative anomaly-based detection of large-scale internet attacks Comput. Netw. 56 1 2012 169 185 10.1016/j.comnet.2011.08.015
6. D. Brauckhoff, X. Dimitropoulos, A. Wagner, and K. Salamatian Anomaly extraction in backbone networks using association rules IEEE/ACM Trans. Network. 20 6 2012 1788 1799 10.1109/TNET.2012.2187306
7. A. Patcha, and J.-M. Park An overview of anomaly detection techniques: existing solutions and latest technological trends Comput. Netw. 51 12 2007 3448 3470 10.1016/j.comnet.2007.02.001
8. T.M., G. Liu, C. Ji, Anomaly detection approaches for communication networks, Algorithms for Next Generation Networks, 2010.
9. J.M. Estvez-Tapiador, P. Garcia-Teodoro, and J.E. Daz-Verdejo Anomaly detection methods in wired networks: a survey and taxonomy Comput. Commun. 27 16 2004 1569 1584
10. P. Barford, N. Duffield, A. Ron, and J. Sommers Network performance anomaly detection and localization INFOCOM 2009 2009 IEEE 1377 1385 http://dx.doi.org/10.1109/INFCOM.2009.5062053
11. F. Soldo, A. Metwally, Traffic anomaly detection based on the ip size distribution, in: INFOCOM, 2012 Proceedings IEEE, 2012, pp. 2005-2013. http://dx.doi.org/10.1109/INFCOM.2012.6195581.
12. I.C. Paschalidis, and G. Smaragdakis Spatio-temporal network anomaly detection by assessing deviations of empirical measures IEEE/ACM Trans. Netw. 17 3 2009 685 697 10.1109/TNET.2008.2001468
13. M. Salagean, Real network traffic anomaly detection based on analytical discrete wavelet transform, in: 2010 12th International Conference on Optimization of Electrical and Electronic Equipment (OPTIM), 2010, pp. 926-931. http://dx.doi.org/10.1109/OPTIM.2010.5510445.
14. M. Roesch Snort - lightweight intrusion detection for networks Proceedings of the 13th USENIX Conference on System Administration 1999 USENIX Association Berkeley, CA, USA 229 238
15. Snort < http://www.snort.org >.
16. Bro ids < http://www.bro.org >.
17. V. Paxson, Bro: a system for detecting network intruders in real-time, in: Computer Networks, 1999, pp. 2435-2463.
18. H. Debar, M. Dacier, and A. Wespi A revised taxonomy for intrusion-detection systems Ann. Télécommun. 55 7-8 2000 361 378
19. T. Peng, C. Leckie, and K. Ramamohanarao Survey of network-based defense mechanisms countering the dos and ddos problems ACM Comput. Surv. 39 1 2007 3 http://dx.doi.org/10.1145/1216370.1216373
20. A.K. Marnerides, On Characterization & Decomposition of Internet Traffic Dynamics, Ph.D. thesis, Dept. of Computing & Communications, Lancaster University, 2011.
21. V. Chandola, A. Banerjee, and V. Kumar Anomaly detection: a survey ACM Comput. Surv. 41 3 2009 15:1 15:58 10.1145/1541880.1541882
22. A. Lakhina, M. Crovella, and C. Diot Diagnosing network-wide traffic anomalies SIGCOMM '04: Proceedings of the 2004 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications 2004 ACM New York, NY, USA 219 230 http://dx.doi.org/10.1145/1015467.1015492
23. G. Dewaele, K. Fukuda, P. Borgnat, P. Abry, and K. Cho Extracting hidden anomalies using sketch and non Gaussian multiresolution statistical detection procedures Proceedings of the 2007 Workshop on Large Scale Attack Defense, LSAD'07 2007 ACM New York, NY, USA 145 152 http://dx.doi.org/10.1145/1352664.1352675
24. Y. Zhang, M. Roughan, W. Willinger, and L. Qiu Spatio-temporal compressive sensing and internet traffic matrices Proceedings of the ACM SIGCOMM 2009 Conference on Data Communication, SIGCOMM'09 2009 ACM New York, NY, USA 267 278 http://dx.doi.org/10.1145/1592568.1592600
25. A. Soule, A. Lakhina, N. Taft, K. Papagiannaki, K. Salamatian, A. Nucci, M. Crovella, and C. Diot Traffic matrices: balancing measurements, inference and modeling SIGMETRICS Perform. Eval. Rev. 33 1 2005 362 373 http://dx.doi.org/10.1145/1071690.1064259
26. P. Barford, and D. Plonka Characteristics of network traffic flow anomalies IMW'01: Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement 2001 ACM New York, NY, USA 69 73 http://dx.doi.org/10.1145/505202.505211
27. A.H. Yaacob, I.K. Tan, S.F. Chien, and H.K. Tan Arima based network anomaly detection Int. Conf. Commun. Software Netw. 0 2010 205 209 < http://doi.ieeecomputersociety.org/10.1109/ICCSN.2010.55 >
28. V. Siris, and F. Papagalou Application of anomaly detection algorithms for detecting syn flooding attacks Global Telecommunications Conference, 2004 GLOBECOM '04 vol. 4 2004 IEEE 2050 2054 http://dx.doi.org/10.1109/GLOCOM.2004.1378372
29. A. Lakhina, M. Crovella, and C. Diot Characterization of network-wide anomalies in traffic flows IMC'04: Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement 2004 ACM New York, NY, USA 201 206 http://dx.doi.org/10.1145/1028788.1028813
30. E. Alpaydin Introduction to Machine Learning (Adaptive Computation and Machine Learning) 2004 The MIT Press
31. C. Gates, and C. Taylor Challenging the anomaly detection paradigm: a provocative discussion Proceedings of the 006 Workshop on New Security Paradigms, NSPW '06 2007 ACM New York, NY, USA 21 29 http://dx.doi.org/10.1145/1278940.1278945
32. H. Ringberg, M. Roughan, and J. Rexford The need for simulation in evaluating anomaly detectors SIGCOMM Comput. Commun. Rev. 38 1 2008 55 59 10.1145/1341431.1341443
33. Y. Zhang, M. Roughan, C. Lund, and D. Donoho An information-theoretic approach to traffic matrix estimation Proceedings of the 2003 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, SIGCOMM'03 2003 ACM New York, NY, USA 301 312 http://dx.doi.org/10.1145/863955.863990
34. F. Silveira, C. Diot, N. Taft, and R. Govindan Astute: detecting a different class of traffic anomalies SIGCOMM'10: Proceedings of the ACM SIGCOMM 2010 Conference on SIGCOMM 2010 ACM New York, NY, USA 267 278 http://dx.doi.org/10.1145/1851182.1851215
35. P. Chhabra, C. Scott, E.D. Kolaczyk, M. Crovella, Distributed spatial anomaly detection, in: Proceedings of Infocom 2008, 2008.
36. Y. Zhang, Z. Ge, A. Greenberg, and M. Roughan Network anomography IMC'05: Proceedings of the 5th ACM SIGCOMM Conference on Internet Measurement 2005 USENIX Association Berkeley, CA, USA 30
37. C. Arthur, Why isps loathe the bbc iplayer, The Guardian, April 2008. < http://www.guardian.co.uk/technology/2008/apr/07/iplayer.isps >.
38. N. Weaver, V. Paxson, S. Staniford, and R. Cunningham A taxonomy of computer worms Proceedings of the 2003 ACM Workshop on Rapid Malcode, WORM '03 2003 ACM New York, NY, USA 11 18 http://dx.doi.org/10.1145/948187.948190
39. P. Barford, J. Kline, D. Plonka, and A. Ron A signal analysis of network traffic anomalies IMW'02: Proceedings of the 2nd ACM SIGCOMM Workshop on Internet Measurement 2002 ACM New York, NY, USA 71 82 http://dx.doi.org/10.1145/637201.637210
40. D. Gao, M.K. Reiter, and D. Song On gray-box program tracking for anomaly detection Proceedings of the 13th Conference on USENIX Security Symposium SSYM'04 vol. 13 2004 USENIX Association Berkeley, CA, USA 8 < http://dl.acm.org/citation.cfm?id=1251375.1251383 >
41. W. Lee, D. Xiang, Information-theoretic measures for anomaly detection, in: Proceedings. 2001 IEEE Symposium on Security and Privacy, 2001, SP 2001, 2001, pp. 130-143. http://dx.doi.org/10.1109/SECPRI.2001.924294.
42. Z. Zhang, F. Nat-Abdesselam, P.-H. Ho, and Y. Kadobayashi Toward cost-sensitive self-optimizing anomaly detection and response in autonomic networks Comput. Secur. 30 6-7 2011 525 537
43. H. Kim, K. Claffy, M. Fomenkov, D. Barman, M. Faloutsos, and K. Lee Internet traffic classification demystified: myths, caveats, and the best practices CoNEXT'08: Proceedings of the 2008 ACM CoNEXT Conference 2008 ACM New York, NY, USA 1 12
44. A. Lakhina, M. Crovella, and C. Diot Mining anomalies using traffic feature distributions SIGCOMM Comput. Commun. Rev. 35 4 2005 217 228 http://dx.doi.org/10.1145/1090191.1080118
45. A. Soule, K. Salamatian, and N. Taft Combining filtering and statistical methods for anomaly detection IMC'05: Proceedings of the 5th ACM SIGCOMM Conference on Internet Measurement 2005 USENIX Association Berkeley, CA, USA 31
46. D. Zuev, A.W. Moore, Traffic classification using a statistical approach, in: Passive and Active Measurement, 2005.
47. Cisco Ios Netflow < www.cisco.com/web/go/netflow >.
48. N. Duffield Sampling for passive internet measurement: a review Stat. Sci. 19 2004 472 498
49. C. Duffield, N. Lund, and M. Thorup Properties and prediction of flow statistics from sampled packet streams Proceedings of the 2Nd ACM SIGCOMM Workshop on Internet Measurement, IMW'02 2002 ACM New York, NY, USA 159 171 http://dx.doi.org/10.1145/637201.637225
50. N. Hohn, and D. Veitch Inverting sampled traffic IEEE/ACM Trans. Network. 14 1 2006 68 80 10.1109/TNET.2005.863456
51. J. Mai, C.-N. Chuah, A. Sridharan, T. Ye, and H. Zang Is sampled data sufficient for anomaly detection? Proceedings of the 6th ACM SIGCOMM Conference on Internet Measurement, IMC'06 2006 ACM New York, NY, USA 165 176 http://dx.doi.org/10.1145/1177080.1177102
52. D. Brauckhoff, B. Tellenbach, A. Wagner, M. May, and A. Lakhina Impact of packet sampling on anomaly detection metrics Proceedings of the 6th ACM SIGCOMM Conference on Internet Measurement, IMC'06 2006 ACM New York, NY, USA 159 164 http://dx.doi.org/10.1145/1177080.1177101
53. D. Brauckhoff, K. Salamatian, M. May, A signal processing view on packet sampling and anomaly detection, in: INFOCOM, 2010 Proceedings IEEE, 2010, pp. 1-9. http://dx.doi.org/10.1109/INFCOM.2010.5462154.
54. X. Li, F. Bian, M. Crovella, C. Diot, R. Govindan, G. Iannaccone, and A. Lakhina Detection and identification of network anomalies using sketch subspaces IMC'06: Proceedings of the 6th ACM SIGCOMM Conference on Internet Measurement 2006 ACM New York, NY, USA 147 152 http://dx.doi.org/10.1145/1177080.1177099
55. L. Huang, X.L. Nguyen, M. Garofalakis, A. Joseph, M. Jordan, and N. Taft In-network pca and anomaly detection Advances in Neural Information Processing Systems (NIPS) 2006 Vancouver, BC
56. Y. Zhang, S. Singh, S. Sen, N. Duffield, and C. Lund Online identification of hierarchical heavy hitters: algorithms, evaluation, and applications IMC'04: Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement 2004 ACM New York, NY, USA 101 114 http://dx.doi.org/10.1145/1028788.1028802
57. G. Nychis, V. Sekar, D.G. Andersen, H. Kim, and H. Zhang An empirical evaluation of entropy-based traffic anomaly detection IMC'08: Proceedings of the 8th ACM SIGCOMM Conference on Internet Measurement 2008 ACM New York, NY, USA 151 156 http://dx.doi.org/10.1145/1452520.1452539
58. A. Wagner, B. Plattner, Entropy based worm and anomaly detection in fast ip networks, in: 14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise, 2005, pp. 172-177. http://dx.doi.org/10.1109/WETICE.2005.35.
59. B. Tellenbach, M. Burkhart, D. Sornette, and T. Maillart Beyond shannon: characterizing internet traffic with generalized entropy metrics PAM'09: Proceedings of the 10th International Conference on Passive and Active Network Measurement 2009 Springer-Verlag Berlin, Heidelberg 239 248 http://dx.doi.org/10.1007/978-3-642-00975-4-24
60. A. Kind, M. Stoecklin, and X. Dimitropoulos Histogram-based traffic anomaly detection IEEE Trans. Network Serv. Manage. 6 2 2009 110 121 10.1109/TNSM.2009.090604
61. D. Brauckhoff, X. Dimitropoulos, A. Wagner, and K. Salamatian Anomaly extraction in backbone networks using association rules IMC'09: Proceedings of the 9th ACM SIGCOMM Conference on Internet Measurement Conference 2009 ACM New York, NY, USA 28 34 http://dx.doi.org/10.1145/1644893.1644897
62. M. Thottan, and C. Ji Anomaly detection in ip networks IEEE Trans. Signal Process. 51 8 2003 2191 2204
63. B. Krishnamurthy, S. Sen, Y. Zhang, and Y. Chen Sketch-based change detection: methods, evaluation, and applications IMC'03: Proceedings of the 3rd ACM SIGCOMM Conference on Internet Measurement 2003 ACM New York, NY, USA 234 247 http://dx.doi.org/10.1145/948205.948236
64. V. Bandara, A. Pezeshki, P. Anura, Modeling spatial and temporal behavior of internet traffic anomalies, in: 2010 IEEE 35th Conference on Local Computer Networks (LCN), 2010, pp. 384-391. doi: 10.1109/LCN.2010.5735749.
65. W. Lu, and A.A. Ghorbani Network anomaly detection based on wavelet analysis EURASIP J. Adv. Signal Process 2009 2009 4:1 4:16 10.1155/2009/837601
66. J.D. Brutlag Aberrant behavior detection in time series for network monitoring LISA'00: Proceedings of the 14th USENIX Conference on System Administration 2000 USENIX Association Berkeley, CA, USA 139 146
67. A. Scherrer, N. Larrieu, P. Owezarski, P. Borgnat, and P. Abry Non-Gaussian and long memory statistical characterizations for internet traffic with anomalies IEEE Trans. Depend. Secur. Comput. 4 1 2007 56 70 http://dx.doi.org/10.1109/TDSC.2007.12
68. Y. Gu, A. McCallum, and D. Towsley Detecting anomalies in network traffic using maximum entropy estimation Proceedings of the 5th ACM SIGCOMM Conference on Internet Measurement, IMC'05 2005 USENIX Association Berkeley, CA, USA 32 < http://dl.acm.org/citation.cfm?id=1251086.1251118 >
69. V. Karamcheti, D. Geiger, Z. Kedem, and S. Muthukrishnan Detecting malicious network traffic using inverse distributions of packet contents MineNet'05: Proceedings of the 2005 ACM SIGCOMM Workshop on Mining Network Data 2005 ACM New York, NY, USA 165 170 http://dx.doi.org/10.1145/1080173.1080176
70. C.-M. Cheng, H. Kung, and K.-S. Tan Use of spectral analysis in defense against dos attacks Global Telecommunications Conference, 2002 GLOBECOM'02 vol. 3 2002 IEEE 2143 2148 http://dx.doi.org/10.1109/GLOCOM.2002.1189011
71. L. Feinstein, D. Schnackenberg, R. Balupari, D. Kindred, Statistical approaches to ddos attack detection and response, in: Proceedings of the DARPA Information Survivability Conference and Exposition, vol. 1, 2003, pp. 303-314. http://dx.doi.org/10.1109/DISCEX.2003.1194894.
72. W. Lee, and D. Xiang Information-theoretic measures for anomaly detection SP'01: Proceedings of the 2001 IEEE Symposium on Security and Privacy 2001 IEEE Computer Society Washington, DC, USA 130
73. C.E. Shannon Prediction and entropy of printed english Bell Syst. Tech. J. 30 1951 50 64
74. G. Box, G.M. Jenkins, and G. Reinsel Time Series Analysis: Forecasting and Control third ed. 1994 Prentice Hall
75. S.-J. Han, and S.-B. Cho Detecting intrusion with rule-based integration of multiple models Comput. Secur. 22 7 2003 613 623 10.1016/S0167-4048(03)00711-9
76. C. Warrender, S. Forrest, B. Pearlmutter, Detecting intrusions using system calls: alternative data models, in: Proceedings of the 1999 IEEE Symposium on Security and Privacy, 1999, 1999, pp. 133-145. http://dx.doi.org/10.1109/SECPRI.1999.766910.
77. D.-Y. Yeung, and Y. Ding Host-based intrusion detection using dynamic and static behavioral models Pattern Recogn. 36 2003 229 243
78. C. Nikias, and M.R. Raghuveer Bispectrum estimation: a digital signal processing framework Proc. IEEE 75 7 1987 869 891 10.1109/PROC.1987.13824
79. A. Marnerides, D. Pezaros, H. chul Kim, D. Hutchison, Internet traffic classification using energy time-frequency distributions, in: 2013 IEEE International Conference on Communications (ICC), 2013, pp. 2513-2518. http://dx.doi.org/10.1109/ICC.2013.6654911.
80. L. Cohen Time-frequency distributions - a review Proc. IEEE 77 7 1989 941 981 10.1109/5.30749
81. W. Lu, and A.A. Ghorbani Network anomaly detection based on wavelet analysis EURASIP J. Adv. Signal Process 2009 2009 4:1 4:16 10.1155/2009/837601
82. C. Hood, and C. Ji Proactive network-fault detection [telecommunications] IEEE Trans. Reliab. 46 3 1997 333 341 10.1109/24.664004
83. V. Sotiris, P. Tse, and M. Pecht Anomaly detection through a bayesian support vector machine IEEE Trans. Reliab. 59 2 2010 277 286 10.1109/TR.2010.2048740
84. A.W. Moore, and D. Zuev Internet traffic classification using bayesian analysis techniques SIGMETRICS'05: Proceedings of the 2005 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems 2005 ACM New York, NY, USA 50 60 http://dx.doi.org/10.1145/1064212.1064220
85. A.K. Marnerides, D. Pezaros, H. Kim, D. Hutchison, Unsupervised two-class and multi-class support vector machines for abnormal traffic characterization, in: 10th International Passive and Active Measurements Conference, PAM Conference Student Workshop, Seoul, South Korea, 2009.
86. A. Hussain, J. Heidemann, and C. Papadopoulos A framework for classifying denial of service attacks SIGCOMM'03: Proceedings of the 2003 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications 2003 ACM New York, NY, USA 99 110 http://dx.doi.org/10.1145/863955.863968
87. A. Hussain, J. Heidemann, and C. Papadopoulos Identification of repeated denial of service attacks Proceedings of the IEEE Infocom 2006 IEEE Barcelona, Spain < http://www.isi.edu/johnh/PAPERS/Hussain06a.html >
88. M. Loève Probability theory fourth ed. Graduate Texts in Mathematics vol. 46 1978 Springer-Verlag vol. II
89. R. Kalman A new approach to linear filtering and prediction problems J. Basic Eng. 1 82 1960 35 45
90. A. Rényi, On measures of information and entropy, in: Proceedings of the 4th Berkeley Symposium on Mathematics, Statistics and Probability, 1960, pp. 547 - 561.
91. A. Marnerides, S. Malinowski, R. Morla, M. Rodrigues, H. Kim, Towards the improvement of diagnostic metrics fault diagnosis for dsl-based iptv networks using the Renyi entropy, in: Global Communications Conference (GLOBECOM), 2012 IEEE, 2012, pp. 2779-2784. http://dx.doi.org/10.1109/GLOCOM.2012.6503537.
92. C. Tsallis Nonextensive statistics: theoretical, experimental and computational evidences and connections Braz. J. Phys. 29 cond-mat/9903356 1999 1 35
93. S. Ruehrup, P. Urbano, A. Berger, A. D'Alconzo, Botnet detection revisited: theory and practice of finding malicious p2p networks via internet connection graphs, in: 2013 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), 2013, pp. 435-440. http://dx.doi.org/10.1109/INFCOMW.2013.6562902.
94. Y. Zhang, M. Roughan, N. Duffield, and A. Greenberg Fast accurate computation of large-scale ip traffic matrices from link loads Proceedings of the 2003 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems, SIGMETRICS'03 2003 ACM New York, NY, USA 206 217 http://dx.doi.org/10.1145/781027.781053
95. Tcpdump/Libcap Public Repository < http://www.tcpdump.org >.
96. The Dag Project < http://dag.cs.waikato.ac.nz >.
97. J. Schönwälder, A. Pras, M. Harvan, J. Schippers, and R.M. van de SNMP traffic analysis: approaches, tools, and first results Proceedings of the 10th IFIP/IEEE International Symposium on Integrated Network Management, IM'07 2007 IEEE Computer Society Press Piscataway 324 332 < http://doc.utwente.nl/64390/ >
98. T. Oetiker Mrtg - the multi router traffic grapher LISA'98: Proceedings of the 12th USENIX Conference on System Administration 1998 USENIX Association Berkeley, CA, USA 141 148
99. WinpCap: The Packet Capture and Monitoring for Windows < http://www.winpcap.org >.
100. Ipsumdump Tool < http://www.cs.ucla.edu/kohler/ipsumdump/ >.
101. Caida's Coralreef Tool < http://www.caida.org/tools/measurement/coralreef/ >.
102. Wireshark < http://www.wireshark.org >.
103. Snort ad Tool < http://anomalydetection.info/ >.
104. T. Kailath, A.H. Sayed, and B. Hassibi Linear Estimation 2000 Prentice Hall