Journal Article, DOI: 10.1109/TSP.2003.814797
Anomaly detection in IP networks
Marina Thottan, Chuanyi Ji
TL;DR: The paper describes a statistical signal processing technique based on abrupt change detection that is effective at detecting several network anomalies; the authors believe signal processing has great potential to enhance the field and thereby improve the reliability of IP networks.
Abstract: Network anomaly detection is a vibrant research area. Researchers have approached this problem using various techniques such as artificial intelligence, machine learning, and state machine modeling. In this paper, we first review these anomaly detection methods and then describe in detail a statistical signal processing technique based on abrupt change detection. We show that this signal processing technique is effective at detecting several network anomalies. Case studies from real network data that demonstrate the power of the signal processing approach to network anomaly detection are presented. The application of signal processing techniques to this area is still in its infancy, and we believe that it has great potential to enhance the field, and thereby improve the reliability of IP networks.
Citations
•Book
Network Anomaly Detection: A Machine Learning Perspective
Dhruba K. Bhattacharyya, Jugal Kalita
- 18 Jun 2013
TL;DR: Examining numerous attacks in detail, the authors look at the tools that intruders use and show how to use this knowledge to protect networks.
•Proceedings Article
Anomaly detection using baseline and K-means clustering
Moises F. Lima, Bruno Bogaz Zarpelão, Lucas Dias Hiera Sampaio, Joel J. P. C. Rodrigues, Taufik Abrão, Mario Lemes Proença
- 09 Nov 2010
TL;DR: The proposed anomaly detection approach classifies data clusters from baseline and real traffic using K-means combined with PSO, a meta-heuristic whose main characteristics include low computational complexity and dependence on a small number of input parameters.
Anomaly Detection on Servers Using Log Analysis
Mert İnan Saygılı, Saltuk Buğra Özelgül, İlkay Samet Öztürk, Kevser Özdem, Ahmet Orkun Gedik, M. Ali Akçayol
- 21 Sep 2024
TL;DR: This study develops a deep learning model using a Convolutional Neural Network (CNN) to detect anomalies in server log data, achieving up to 99% accuracy rates and improving debugging and operating efficiency in Hadoop Distributed File System (HDFS) environments.
Analysis of network traffic features for anomaly detection
Félix Iglesias, Tanja Zseby
TL;DR: This paper proposes a multi-stage feature selection method using filters and stepwise regression wrappers for network-traffic-based anomaly detection and shows that it can eliminate 13 very costly features, thus reducing the computational effort for on-line feature generation from live traffic observations at network nodes.