A wavelet-based anomaly detection for outbound network traffic

Monitoring and detecting network anomalies are indispensable activities for network administrators. Most anomaly detection techniques focus on inbound traffic (traffic from the Internet entering a customer network) rather than outbound traffic. However, anomalous inbound traffic patterns will differ significantly from anomalous outbound traffic patterns. For network operators, outbound traffic is as important as inbound traffic, because monitoring it lets them catch unwanted activities in their own networks and prevent those activities from affecting other networks.
