
Federico Simmross-Wattenberg, Juan Ignacio Asensio-Pérez, Pablo Casaseca-de-la-Higuera, Marcos Martín-Fernández, Ioannis A. Dimitriadis, Carlos Alberola-López, "Anomaly Detection in Network Traffic Based on Statistical Inference and $\alpha$-Stable Modeling," IEEE Transactions on Dependable and Secure Computing, vol. 8, no. 4, pp. 494-509, July/August, 2011.  
BibTeX  
@article{10.1109/TDSC.2011.14,
  author = {Federico Simmross-Wattenberg and Juan Ignacio Asensio-Pérez and Pablo Casaseca-de-la-Higuera and Marcos Martín-Fernández and Ioannis A. Dimitriadis and Carlos Alberola-López},
  title = {Anomaly Detection in Network Traffic Based on Statistical Inference and $\alpha$-Stable Modeling},
  journal = {IEEE Transactions on Dependable and Secure Computing},
  volume = {8},
  number = {4},
  issn = {1545-5971},
  year = {2011},
  pages = {494-509},
  doi = {http://doi.ieeecomputersociety.org/10.1109/TDSC.2011.14},
  publisher = {IEEE Computer Society},
  address = {Los Alamitos, CA, USA},
}
RefWorks Procite/RefMan/Endnote  
TY  - JOUR
JO  - IEEE Transactions on Dependable and Secure Computing
TI  - Anomaly Detection in Network Traffic Based on Statistical Inference and $\alpha$-Stable Modeling
IS  - 4
SN  - 1545-5971
SP  - 494
EP  - 509
EPD - 494-509
A1  - Federico Simmross-Wattenberg,
A1  - Juan Ignacio Asensio-Pérez,
A1  - Pablo Casaseca-de-la-Higuera,
A1  - Marcos Martín-Fernández,
A1  - Ioannis A. Dimitriadis,
A1  - Carlos Alberola-López,
PY  - 2011
KW  - Traffic analysis
KW  - anomaly detection
KW  - $\alpha$-stable distributions
KW  - statistical models
KW  - hypothesis testing
KW  - ROC curves.
VL  - 8
JA  - IEEE Transactions on Dependable and Secure Computing
ER  -
[1] A. Scherrer, N. Larrieu, P. Owezarski, P. Borgnat, and P. Abry, “Non-Gaussian and Long Memory Statistical Characterizations for Internet Traffic with Anomalies,” IEEE Trans. Dependable and Secure Computing, vol. 4, no. 1, pp. 56-70, Jan. 2007.
[2] M. Thottan and C. Ji, “Anomaly Detection in IP Networks,” IEEE Trans. Signal Processing, vol. 51, no. 8, pp. 2191-2204, Aug. 2003.
[3] C. Manikopoulos and S. Papavassiliou, “Network Intrusion and Fault Detection: A Statistical Anomaly Approach,” IEEE Comm. Magazine, vol. 40, no. 10, pp. 76-82, Oct. 2002.
[4] Y. Gu, A. McCallum, and D. Towsley, “Detecting Anomalies in Network Traffic Using Maximum Entropy Estimation,” Proc. Internet Measurement Conf., Oct. 2005.
[5] A. Lakhina, M. Crovella, and C. Diot, “Diagnosing Network-Wide Traffic Anomalies,” Proc. ACM SIGCOMM '04, pp. 219-230, Aug. 2005.
[6] P. Barford, J. Kline, D. Plonka, and A. Ron, “A Signal Analysis of Network Traffic Anomalies,” Proc. Second ACM SIGCOMM Workshop Internet Measurement, pp. 71-82, Nov. 2002.
[7] A. Ray, “Symbolic Dynamic Analysis of Complex Systems for Anomaly Detection,” Signal Processing, vol. 84, no. 7, pp. 1115-1130, 2004.
[8] S.C. Chin, A. Ray, and V. Rajagopalan, “Symbolic Time Series Analysis for Anomaly Detection: A Comparative Evaluation,” Signal Processing, vol. 85, no. 9, pp. 1859-1868, 2005.
[9] A. Wagner and B. Plattner, “Entropy Based Worm and Anomaly Detection in Fast IP Networks,” Proc. 14th IEEE Int'l Workshops Enabling Technologies: Infrastructures for Collaborative Enterprises, pp. 172-177, June 2005.
[10] M. Ramadas, S. Ostermann, and B. Tjaden, “Detecting Anomalous Network Traffic with Self-Organizing Maps,” Proc. Sixth Int'l Symp. Recent Advances in Intrusion Detection, pp. 36-54, 2003.
[11] S.T. Sarasamma, Q.A. Zhu, and J. Huff, “Hierarchical Kohonen Net for Anomaly Detection in Network Security,” IEEE Trans. Systems, Man and Cybernetics, Part B: Cybernetics, vol. 35, no. 2, pp. 302-312, Apr. 2005.
[12] V. Alarcon-Aquino and J.A. Barria, “Anomaly Detection in Communication Networks Using Wavelets,” IEE Proc.—Comm., vol. 148, no. 6, pp. 355-362, Dec. 2001.
[13] L. Kleinrock, Queueing Systems, Volume 2: Computer Applications. John Wiley and Sons, 1976.
[14] W. Willinger, M.S. Taqqu, R. Sherman, and D.V. Wilson, “Self-Similarity through High-Variability: Statistical Analysis of Ethernet LAN Traffic at the Source Level,” IEEE/ACM Trans. Networking, vol. 5, no. 1, pp. 71-86, Feb. 1997.
[15] G. Samorodnitsky and M.S. Taqqu, Stable Non-Gaussian Random Processes: Stochastic Models with Infinite Variance. Chapman & Hall, 1994.
[16] F. Simmross-Wattenberg, A. Tristán-Vega, P. Casaseca-de-la-Higuera, J.I. Asensio-Pérez, M. Martín-Fernández, Y.A. Dimitriadis, and C. Alberola-López, “Modelling Network Traffic as $\alpha$-Stable Stochastic Processes: An Approach Towards Anomaly Detection,” Proc. VII Jornadas de Ingeniería Telemática (JITEL), pp. 25-32, Sept. 2008.
[17] G.R. Arce, Nonlinear Signal Processing: A Statistical Approach. John Wiley and Sons, 2005.
[18] J. Jiang and S. Papavassiliou, “Detecting Network Attacks in the Internet via Statistical Network Traffic Normality Prediction,” J. Network and Systems Management, vol. 12, no. 1, pp. 51-72, Mar. 2004.
[19] W. Yan, E. Hou, and N. Ansari, “Anomaly Detection and Traffic Shaping under Self-Similar Aggregated Traffic in Optical Switched Networks,” Proc. Int'l Conf. Comm. Technology (ICCT '03), vol. 1, pp. 378-381, Apr. 2003.
[20] J. Brutlag, “Aberrant Behavior Detection in Time Series for Network Monitoring,” Proc. USENIX 14th System Administration Conf. (LISA), pp. 139-146, Dec. 2000.
[21] V. Paxson and S. Floyd, “Wide Area Traffic: The Failure of Poisson Modelling,” IEEE/ACM Trans. Networking, vol. 3, no. 3, pp. 226-244, June 1995.
[22] Internet Traffic Archive, http://ita.ee.lbl.gov/, 2011.
[23] Waikato Internet Traffic Storage, http://wand.cs.waikato.ac.nz/wits/, 2011.
[24] Cooperative Assoc. for Internet Data Analysis, http://www.caida.org/, 2011.
[25] DiRT Group's Home Page, Univ. of North Carolina, http://www-dirt.cs.unc.edu/ts/, 2010.
[26] “Metrology for Security and Quality of Service,” http://www.laas.fr/METROSEC/, 2011.
[27] B. Krishnamurthy, S. Sen, Y. Zhang, and Y. Chen, “Sketch-Based Change Detection: Methods, Evaluation, and Applications,” Proc. Internet Measurement Conf. (IMC), pp. 234-247, Oct. 2003.
[28] DDoSVax, http://www.tik.ee.ethz.ch/ddosvax/, 2010.
[29] S. Stolfo et al., “The Third International Knowledge Discovery and Data Mining Tools Competition,” http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html, 2011.
[30] G. Cormode and S. Muthukrishnan, “What's New: Finding Significant Differences in Network Data Streams,” IEEE/ACM Trans. Networking, vol. 13, no. 6, pp. 1219-1232, Dec. 2005.
[31] Cisco Systems, “Cisco IOS NetFlow,” http://www.cisco.com/web/go/netflow, 2011.
[32] A. Papoulis, Probability, Random Variables, and Stochastic Processes, third ed., McGraw-Hill, 1991.
[33] W. Leland, M. Taqqu, W. Willinger, and D. Wilson, “On the Self-Similar Nature of Ethernet Traffic (Extended Version),” IEEE/ACM Trans. Networking, vol. 2, no. 1, pp. 1-15, Feb. 1994.
[34] P. Embrechts and M. Maejima, Selfsimilar Processes. Princeton Univ. Press, 2002.
[35] Lévy Processes: Theory and Applications, O.E. Barndorff-Nielsen, T. Mikosch, and S.I. Resnick, eds., Birkhäuser, 2001.
[36] J.R. Gallardo, D. Makrakis, and L. Orozco-Barbosa, “Use of $\alpha$-Stable Self-Similar Stochastic Processes for Modelling Traffic in Broadband Networks,” Performance Evaluation, vol. 40, pp. 71-98, 2000.
[37] A. Karasaridis and D. Hatzinakos, “Network Heavy Traffic Modeling Using $\alpha$-Stable Self-Similar Processes,” IEEE Trans. Comm., vol. 49, no. 7, pp. 1203-1214, July 2001.
[38] T. Mikosch, S. Resnick, H. Rootzén, and A. Stegeman, “Is Network Traffic Approximated by Stable Lévy Motion or Fractional Brownian Motion?” The Annals of Applied Probability, vol. 12, no. 1, pp. 23-68, 2002.
[39] S.M. Kay, Fundamentals of Statistical Signal Processing, Volume 2: Detection Theory. Prentice Hall, 1998.
[40] Iperf, http://iperf.sourceforge.net/, 2011.
[41] “Apache JMeter,” The Apache Jakarta Project, Apache Software Foundation, http://jakarta.apache.org/jmeter/, 2011.
[42] Z. Liu, N. Niclausse, and C. Jalpa-Villanueva, “Traffic Model and Performance Evaluation of Web Servers,” Performance Evaluation, vol. 46, nos. 2-3, pp. 77-100, 2001.
[43] M.A. Stephens, “EDF Statistics for Goodness of Fit and Some Comparisons,” J. Am. Statistical Assoc., vol. 69, no. 347, pp. 730-737, 1974.
[44] M.S. Weiss, “Modification of the Kolmogorov-Smirnov Statistic for Use with Correlated Data,” J. Am. Statistical Assoc., vol. 73, no. 364, pp. 872-875, 1978.
[45] R.S. Deo, “On Estimation and Testing Goodness of Fit for $m$-Dependent Stable Sequences,” J. Econometrics, vol. 99, pp. 349-372, 2000.
[46] L.J. Glesser and D.S. Moore, “The Effect of Dependence on Chi-Squared and Empiric Distribution Tests of Fit,” The Annals of Statistics, vol. 11, no. 4, pp. 1100-1108, 1983.
[47] A.K. Jain, R.P.W. Duin, and J. Mao, “Statistical Pattern Recognition: A Review,” IEEE Trans. Pattern Analysis and Machine Intelligence, vol. 22, no. 1, pp. 4-37, Jan. 2000.
[48] S.J. Press and S. Wilson, “Choosing between Logistic Regression and Discriminant Analysis,” J. Am. Statistical Assoc., vol. 73, no. 364, pp. 699-705, 1978.
[49] “MATLAB—The Language of Technical Computing,” Mathworks, Inc, http://www.mathworks.com/products/matlab/, 2011.
[50] B. Rosner, Fundamentals of Biostatistics. Duxbury Thomson Learning, 2000.
[51] A. Stavrou, G.F. Cretu-Ciocarlie, M.E. Locasto, and S.J. Stolfo, “Keep Your Friends Close: The Necessity for Updating an Anomaly Sensor with Legitimate Environment Changes,” Proc. ACM/CSS Workshop Security and Artificial Intelligence (AISec), 2009.
[52] G.F. Cretu-Ciocarlie, A. Stavrou, M.E. Locasto, and S.J. Stolfo, “Adaptive Anomaly Detection via Self-Calibration and Dynamic Updating,” Proc. 12th Int'l Symp. Recent Advances in Intrusion Detection (RAID), Sept. 2009.
[53] G. Maciá-Fernández, J. Díaz-Verdejo, and P. García-Teodoro, “Evaluation of a Low-Rate DoS Attack against Application Servers,” Computers and Security, vol. 27, pp. 335-354, 2008.