Daniela Brauckhoff

TL;DR: This paper uses meta-data provided by several histogram-based detectors to identify suspicious flows, and then applies association rule mining to find and summarize anomalous flows, which significantly reduces the work-hours needed for analyzing alarms, making anomaly detection systems more practical.

TL;DR: This work introduced a generic technique that uses frequent itemset mining to automatically extract and summarize the traffic flows causing an anomaly and showed that it works surprisingly well extracting the anomalous flows in most studied cases using sampled and unsampled NetFlow traces from two networks.

TL;DR: This work presents ANEX (ANomaly EXposure), a simple and intuitive measure for comparing anomaly detection metrics regarding their capability to expose certain types of anomalies and illustrates the applicability of the measure by comparing 15 frequently-used detection metrics for the Blaster worm.

TL;DR: A flexible service deployment architecture for the automated, on-demand deployment of distributed services in programmable networks by utilizing modular building blocks, namely navigation patterns, aggregation patterns, and capability functions, and the definition of a corresponding service descriptor.