- 1.K. Claffy, G. Polyzos, and H.-W. Braun, "Internet traffic flow profiling," Tech. Rep. TR-CS93-328, University of California San Diego, November 1989.Google Scholar
- 2.D. Plonka, "Flowscan: A network traffic flow reporting and visualization tool," in Proceedings of the USENIX Fourteenth System Administration Conference LISA XIV, New Orleans, LA, December 2000. Google ScholarDigital Library
- 3.Cisco's 10s Netflow Feature, http:flwww.cisco.comiwrapipublicl732/netflow.Google Scholar
- 4.R. Cficeres, "Measurements of wide-area Internet traffic," Tech. Rep. UCB/CSD 89/550, Computer Science Department, University of California, Berkeley, 1989. Google ScholarDigital Library
- 5.V. Paxson, Measurements and Analysis of End-to-End Internet Dynamics, Ph.D. thesis, University of California Berkeley, 1997. Google ScholarDigital Library
- 6.V. Paxson and S. Floyd, "Wide-area traffic: The failure of Poisson modeling," IEEE/ACM Transactions on Networking, vol. 3(3), pp. 226-244, June 1995. Google ScholarDigital Library
- 7.W. Willinger, M. Taqqu, R. Sherman, and D. Wilson, "Selfsimilarity through high-variability: Statistical analysis of Ethernet LAN traffic at the source level," IEEE/ACM Transactions on Networking, vol. 5, no. 1, pp. 71-86, February 1997. Google ScholarDigital Library
- 8.P. Abry and D. Veitch, "Wavelet analysis of long range dependent traffic," IEEE Transactions on Information Theory, vol. 44, no. 1, 1998. Google ScholarDigital Library
- 9.K. Claffy, Internet TrafJ;c Characterization, Ph.D. thesis, University of California, San Diego, 1994. Google ScholarDigital Library
- 10.I. Katzela and M. Schwartz, "Schemes for fault identificaiton in communicaitons networks," IEEE/ACM Transactions on Networking, vol. 3(6), pp. 753-764, December 1995. Google ScholarDigital Library
- 11.F. Feather, D. Siewiorek, and R. Maxion, "Fault detection in an ethernet network using anomaly signature matching," in Proceedings of ACM SIGCOMM '93, San Francisco, CA, September 2000. Google ScholarDigital Library
- 12.J. Brutlag, "Aberrant behavior detection in time series for network monitoring," in Proceedings of the USENIX Fourteenth System Administration Conference LISA XIV, New Orleans, LA, December 2000. Google ScholarDigital Library
- 13.C. Hood and C. Ji, "Proactive network fault detection," in Proceedings of IEEE INFOCOM '97, Kobe, Japan, April 1997. Google ScholarDigital Library
- 14.J. Toelle and O. Niggemann, "Supporting intrusion detection by graph clustering and graph drawing," in Proceedings of Third International Workshop on Recent Advances in Intrusion Detection RAID 2000, Toulouse, France, October 2000.Google Scholar
- 15.K. Fox, R. Henning, J. Reed, and R. Simonian, "A neural network approach towards intrusion detection," Tech. Rep., Harris Corporation, July 1990.Google Scholar
- 16.N. Ye, "A markov chain model of temporal behavior for anomaly detection," in Workshop on Information Assurance and Security, West Point, NY, June 2000.Google Scholar
- 17.D. Moore, G. Voelker, and S. Savage, "Inferring intemet denial-ofservice activity," in Proceedings of 2001 USENIX Security Symposium, Washington, DC, August 2001. Google ScholarDigital Library
- 18.V. Paxson, "Bra: A system for detecting network intruders in real-time," Computer Networks, vol. 31, no. 23-24, pp. 2435- 2463, 1999. Google ScholarDigital Library
- 19.R. Manajan, S. Bellovin, S. Floyd, V. Paxson, S. Shenker, and J. Ioannidis, "Controlling high bandwidth aggregates in the network," ACIRI Draft paper, February 2001.Google Scholar
Index Terms
- Characteristics of network traffic flow anomalies
Recommendations
Diagnosing network-wide traffic anomalies
Anomalies are unusual and significant changes in a network's traffic levels, which can often span multiple links. Diagnosing anomalies is critical for both network operators and end users. It is a difficult problem because one must extract and interpret ...
The Impact of Cooperative Adaptive Cruise Control on Traffic-Flow Characteristics
Cooperative adaptive cruise control (CACC) is an extension of ACC. In addition to measuring the distance to a predecessor, a vehicle can also exchange information with a predecessor by wireless communication. This enables a vehicle to follow its ...
Diagnosing network-wide traffic anomalies
SIGCOMM '04: Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communicationsAnomalies are unusual and significant changes in a network's traffic levels, which can often span multiple links. Diagnosing anomalies is critical for both network operators and end users. It is a difficult problem because one must extract and interpret ...
Comments