A signal analysis of network traffic anomalies

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

A signal analysis of network traffic anomalies

Full text

Pdf (1.52 MB)

Source

Internet Measurement Conference archive
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment table of contents

Marseille, France

SESSION: Session 3: inference and statistical analysis table of contents

Pages: 71 - 82

Year of Publication: 2002

ISBN:1-58113-603-X

Authors

Paul Barford	University of Wisconsin, Madison
Jeffery Kline	University of Wisconsin, Madison
David Plonka	University of Wisconsin, Madison
Amos Ron	University of Wisconsin, Madison

Sponsor

SIGCOMM: ACM Special Interest Group on Data Communication

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): n/a, Downloads (12 Months): n/a, Citation Count: 74

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/637201.637210 What is a DOI?

ABSTRACT

Identifying anomalies rapidly and accurately is critical to the efficient operation of large computer networks. Accurately characterizing important classes of anomalies greatly facilitates their identification; however, the subtleties and complexities of anomalous traffic can easily confound this process. In this paper we report results of signal analysis of four classes of network traffic anomalies: outages, flash crowds, attacks and measurement failures. Data for this study consists of IP flow and SNMP measurements collected over a six month period at the border router of a large university. Our results show that wavelet filters are quite effective at exposing the details of both ambient and anomalous traffic. Specifically, we show that a pseudo-spline filter tuned at specific aggregation levels will expose distinct characteristics of each class of anomaly. We show that an effective way of exposing anomalies is via the detection of a sharp increase in the local variance of the filtered data. We evaluate traffic anomaly signals at different points within a network based on topological distance from the anomaly source or destination. We show that anomalies can be exposed effectively even when aggregated with a large amount of additional traffic. We also compare the difference between the same traffic anomaly signals as seen in SNMP and IP flow data, and show that the more coarse-grained SNMP data can also be used to expose anomalies effectively.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Paul Barford , David Plonka, Characteristics of network traffic flow anomalies, Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement, November 01-02, 2001, San Francisco, California, USA [doi>10.1145/505202.505211]
	2	Ramon Caceres, Measurements of Wide Area Internet TraffiC, University of California at Berkeley, Berkeley, CA, 1989
	3	Vern Paxson, Fast, approximate synthesis of fractional Gaussian noise for generating self-similar network traffic, ACM SIGCOMM Computer Communication Review, v.27 n.5, p.5-18, Oct. 1997 [doi>10.1145/269790.269792]
	4	Vern Edward Paxson, Measurements and analysis of end-to-end Internet dynamics, University of California at Berkeley, Berkeley, CA, 1998
	5	Walter Willinger , Murad S. Taqqu , Robert Sherman , Daniel V. Wilson, Self-similarity through high-variability: statistical analysis of Ethernet LAN traffic at the source level, IEEE/ACM Transactions on Networking (TON), v.5 n.1, p.71-86, Feb. 1997 [doi>10.1109/90.554723]
	6	P. Abry and D. Veitch, 'Wavelet analysis of long range dependent traffic," IEEE Transactions on Information Theory, vol. 44, no. 1, 1998.
	7	Kimberly Claire Claffy, Internet traffic characterization, University of California at San Diego, La Jolla, CA, 1994
	8	Cynthia S. Hood , Chuanyi Ji, Proactive Network Fault Detection, Proceedings of the INFOCOM '97. Sixteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Driving the Information Revolution, p.1147, April 09-11, 1997
	9	Irene Katzela , Mischa Schwartz, Schemes for fault identification in communication networks, IEEE/ACM Transactions on Networking (TON), v.3 n.6, p.753-764, Dec. 1995 [doi>10.1109/90.477721]
	10	Amy Ward , Peter Glynn , Kathy Richardson, Internet service performance failure detection, ACM SIGMETRICS Performance Evaluation Review, v.26 n.3, p.38-43, Dec. 1998 [doi>10.1145/306225.306237]
	11	Frank Feather , Dan Siewiorek , Roy Maxion, Fault detection in an Ethernet network using anomaly signature matching, Conference proceedings on Communications architectures, protocols and applications, p.279-288, September 13-17, 1993, San Francisco, California, United States
	12	Jake D. Brutlag, Aberrant Behavior Detection in Time Series for Network Monitoring, Proceedings of the 14th USENIX conference on System administration, December 03-08, 2000, New Orleans, Louisiana
	13	J. Toelle and O. Niggemann, 'Supporting intrusion detection by graph clustering and graph drawing," in Proceedings of Third International Workshop on Recent Advances in Intrusion Detection RAID 2000, Toulouse, France, October 2000.
	14	K. Fox, R. Henning, J. Reed, and R. Simonian, 'A neural network approach towards intrusion detection," Tech. Rep., Harris Corporation, July 1990.
	15	N. Ye, 'A markov chain model of temporal behavior for anomaly detection," in Workshop on Information Assurance and Security, West Point, NY, June 2000.
	16	D. Moore, G. Voelker, and S. Savage, 'Inferring internet denial-of-service activity," in Proceedings of 2001 USENIX Security Symposium, Washington, DC, August 2001.
	17	Vern Paxson, Bro: a system for detecting network intruders in real-time, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.31 n.23-24, p.2435-2463, Dec. 1999 [doi>10.1016/S1389-1286(99)00112-7]
	18	Jaeyeon Jung , Balachander Krishnamurthy , Michael Rabinovich, Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites, Proceedings of the 11th international conference on World Wide Web, May 07-11, 2002, Honolulu, Hawaii, USA [doi>10.1145/511446.511485]
	19	R. Manajan, S. Bellovin, S. Floyd, V. Paxson, S. Shenker, and J. Ioannidis, 'Controlling high bandwidth aggregates in the network," ACIRI Draft paper, February 2001.
	20	Tobias Oetiker, MRTG: The Multi Router Traffic Grapher, Proceedings of the 12th Conference on Systems Administration, p.141-148, December 06-11, 1998
	21	K. McCloghrie and F. Kastenholz, 'The interfaces group MIB,"IETF RFC 2863, June 2000.
	22	Steve Romig, The OSU Flow-tools Package and CISCO NetFlow Logs, Proceedings of the 14th USENIX conference on System administration, December 03-08, 2000, New Orleans, Louisiana
	23	Dave Plonka, FlowScan: A Network Traffic Flow Reporting and Visualization Tool, Proceedings of the 14th USENIX conference on System administration, December 03-08, 2000, New Orleans, Louisiana
	24	Cisco IOS NetFlow, 'http://www.cisco.com/go/netfbw:' 2002.
	25	I. Daubechies, B. Han, A. Ron, and Z. Shen, 'Framelets: MRA-based constructions of wavelet frames," Preprint: ftp://ftp:cs.wisc.edu/Approx/dhrs.ps, 2001.
	26	Emmanuel Bacry, 'Lastwave:' http://www.cmap.polvtechnique.fr/~bacrv/ Last Wave.
	27	P. Brockwell and R. Davis, Introduction to Time Series and Forecasting, Springer, 1996.

CITED BY 74

	Alefiya Hussain , John Heidemann , Christos Papadopoulos, A framework for classifying denial of service attacks, Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications, August 25-29, 2003, Karlsruhe, Germany
	Haining Wang , Danlu Zhang , Kang G. Shin, Change-Point Monitoring for the Detection of DoS Attacks, IEEE Transactions on Dependable and Secure Computing, v.1 n.4, p.193-208, October 2004
	Balachander Krishnamurthy , Subhabrata Sen , Yin Zhang , Yan Chen, Sketch-based change detection: methods, evaluation, and applications, Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement, October 27-29, 2003, Miami Beach, FL, USA
	Subhabrata Sen , Oliver Spatscheck , Dongmei Wang, Accurate, scalable in-network identification of p2p traffic using application signatures, Proceedings of the 13th international conference on World Wide Web, May 17-20, 2004, New York, NY, USA
	Tom Anderson , Timothy Roscoe , David Wetherall, Preventing Internet denial-of-service with capabilities, ACM SIGCOMM Computer Communication Review, v.34 n.1, January 2004
	Alefiya Hussain , John Heidemann , Christos Papadopoulos, Distinguishing between single and multi-source attacks using signal processing, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.46 n.4, p.479-503, 15 November 2004
	Jelena Mirkovic , Peter Reiher, A taxonomy of DDoS attack and DDoS defense mechanisms, ACM SIGCOMM Computer Communication Review, v.34 n.2, April 2004
	Tsuyoshi IDÉ , Hisashi KASHIMA, Eigenspace-based anomaly detection in computer systems, Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining, August 22-25, 2004, Seattle, WA, USA
	Matthew Roughan , Tim Griffin , Z. Morley Mao , Albert Greenberg , Brian Freeman, IP forwarding anomalies and improving their detection using multiple data sources, Proceedings of the ACM SIGCOMM workshop on Network troubleshooting: research, theory and operations practice meet malfunctioning reality, September 03-03, 2004, Portland, Oregon, USA
	Matthew Roughan , Tim Griffin , Morley Mao , Albert Greenberg , Brian Freeman, Combining routing and traffic data for detection of IP forwarding anomalies, ACM SIGMETRICS Performance Evaluation Review, v.32 n.1, June 2004
	Matthew Roughan , Subhabrata Sen , Oliver Spatscheck , Nick Duffield, Class-of-service mapping for QoS: a statistical signature-based approach to IP traffic classification, Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, October 25-27, 2004, Taormina, Sicily, Italy
	Yin Zhang , Sumeet Singh , Subhabrata Sen , Nick Duffield , Carsten Lund, Online identification of hierarchical heavy hitters: algorithms, evaluation, and applications, Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, October 25-27, 2004, Taormina, Sicily, Italy
	Ramana Rao Kompella , Sumeet Singh , George Varghese, On scalable attack detection in the network, Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, October 25-27, 2004, Taormina, Sicily, Italy
	Anukool Lakhina , Konstantina Papagiannaki , Mark Crovella , Christophe Diot , Eric D. Kolaczyk , Nina Taft, Structural analysis of network traffic flows, ACM SIGMETRICS Performance Evaluation Review, v.32 n.1, June 2004
	Anukool Lakhina , Mark Crovella , Christiphe Diot, Characterization of network-wide anomalies in traffic flows, Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, October 25-27, 2004, Taormina, Sicily, Italy
	Kuai Xu , Zhi-Li Zhang , Supratik Bhattacharyya, Profiling internet backbone traffic: behavior models and applications, ACM SIGCOMM Computer Communication Review, v.35 n.4, October 2005
	Anukool Lakhina , Mark Crovella , Christophe Diot, Diagnosing network-wide traffic anomalies, ACM SIGCOMM Computer Communication Review, v.34 n.4, October 2004
	Anukool Lakhina , Mark Crovella , Christophe Diot, Mining anomalies using traffic feature distributions, ACM SIGCOMM Computer Communication Review, v.35 n.4, October 2005
	Matthew Roughan , Yin Zhang, Secure distributed data-mining and its application to large-scale network measurements, ACM SIGCOMM Computer Communication Review, v.36 n.1, January 2006
	Matthew Roughan , Yin Zhang, Secure distributed data-mining and its application to large-scale network measurements, ACM SIGCOMM Computer Communication Review, v.36 n.1, January 2006
	Fabio Ricciato , Francesco Vacirca , Martin Karner, Bottleneck detection in UMTS via TCP passive monitoring: a real case, Proceedings of the 2005 ACM conference on Emerging network experiment and technology, October 24-27, 2005, Toulouse, France
	Cristian Estan , Ken Keys , David Moore , George Varghese, Building a better NetFlow, ACM SIGCOMM Computer Communication Review, v.34 n.4, October 2004
	Brent Waters , Ari Juels , J. Alex Halderman , Edward W. Felten, New client puzzle outsourcing techniques for DoS resistance, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA
	Zhihong Tian , Binxing Fang , Xiaochun Yun, Defending Against Flash Crowds and Malicious Traffic Attacks with An Auction-Based Method, Proceedings of the 2004 IEEE/WIC/ACM International Conference on Web Intelligence, p.24-28, September 20-24, 2004
	Xin Li , Fang Bian , Mark Crovella , Christophe Diot , Ramesh Govindan , Gianluca Iannaccone , Anukool Lakhina, Detection and identification of network anomalies using sketch subspaces, Proceedings of the 6th ACM SIGCOMM on Internet measurement, October 25-27, 2006, Rio de Janeriro, Brazil
	Jianning Mai , Chen-Nee Chuah , Ashwin Sridharan , Tao Ye , Hui Zang, Is sampled data sufficient for anomaly detection?, Proceedings of the 6th ACM SIGCOMM on Internet measurement, October 25-27, 2006, Rio de Janeriro, Brazil
	Daniela Brauckhoff , Bernhard Tellenbach , Arno Wagner , Martin May , Anukool Lakhina, Impact of packet sampling on anomaly detection metrics, Proceedings of the 6th ACM SIGCOMM on Internet measurement, October 25-27, 2006, Rio de Janeriro, Brazil
	Christos Siaterlis , Vasilis Maglaris, One step ahead to multisensor data fusion for DDoS detection, Journal of Computer Security, v.13 n.5, p.779-806, October 2005
	Jouni Viinikka , Hervé Debar , Ludovic Mé , Renaud Séguier, Time series modeling for IDS alert management, Proceedings of the 2006 ACM Symposium on Information, computer and communications security, March 21-24, 2006, Taipei, Taiwan
	Ashwin Lall , Vyas Sekar , Mitsunori Ogihara , Jun Xu , Hui Zhang, Data streaming algorithms for estimating entropy of network traffic, ACM SIGMETRICS Performance Evaluation Review, v.34 n.1, June 2006
	Yu Chen , Kai Hwang, Collaborative detection and filtering of shrew DDoS attacks using spectral analysis, Journal of Parallel and Distributed Computing, v.66 n.9, p.1137-1151, September 2006
	Ramana Rao Kompella , Sumeet Singh , George Varghese, On scalable attack detection in the network, IEEE/ACM Transactions on Networking (TON), v.15 n.1, p.14-25, February 2007
	William Aiello , Anna Gilbert , Brian Rexroad , Vyas Sekar, Sparse approximations for high fidelity compression of network traffic data, Proceedings of the Internet Measurement Conference 2005 on Internet Measurement Conference, p.22-22, October 19-21, 2005, Berkeley, CA
	Yin Zhang , Zihui Ge , Albert Greenberg , Matthew Roughan, Network anomography, Proceedings of the Internet Measurement Conference 2005 on Internet Measurement Conference, p.30-30, October 19-21, 2005, Berkeley, CA
	Yu Gu , Andrew McCallum , Don Towsley, Detecting anomalies in network traffic using maximum entropy estimation, Proceedings of the Internet Measurement Conference 2005 on Internet Measurement Conference, p.32-32, October 19-21, 2005, Berkeley, CA
	Fabio Ricciato , Francesco Vacirca , Philipp Svoboda, Diagnosis of capacity bottlenecks via passive monitoring in 3G networks: An empirical analysis, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.4, p.1205-1231, March, 2007
	Lingyun Yang , Chuang Liu , Jennifer M. Schopf , Ian Foster, Anomaly detection and diagnosis in grid environments, Proceedings of the 2007 ACM/IEEE conference on Supercomputing, November 10-16, 2007, Reno, Nevada
	Flip Korn , S. Muthukrishnan , Yunyue Zhu, Checks and balances: monitoring data quality problems in network traffic databases, Proceedings of the 29th international conference on Very large data bases, p.536-547, September 09-12, 2003, Berlin, Germany
	Haakon Ringberg , Augustin Soule , Jennifer Rexford , Christophe Diot, Sensitivity of PCA for traffic anomaly detection, ACM SIGMETRICS Performance Evaluation Review, v.35 n.1, June 2007
	Yiyi Huang , Nick Feamster , Anukool Lakhina , Jim (Jun) Xu, Diagnosing network disruptions with network-wide analysis, ACM SIGMETRICS Performance Evaluation Review, v.35 n.1, June 2007
	Nong Ye , Bashettihalli Harish , Toni Farley, Attack profiles to derive data observations, features, and characteristics of cyber attacks, Information-Knowledge-Systems Management, v.5 n.1, p.23-47, January 2005
	Robert Schweller , Zhichun Li , Yan Chen , Yan Gao , Ashish Gupta , Yin Zhang , Peter A. Dinda , Ming-Yang Kao , Gokhan Memik, Reversible sketches: enabling monitoring and analysis over high-speed data streams, IEEE/ACM Transactions on Networking (TON), v.15 n.5, p.1059-1072, October 2007
	Guillaume Dewaele , Kensuke Fukuda , Pierre Borgnat , Patrice Abry , Kenjiro Cho, Extracting hidden anomalies using sketch and non Gaussian multiresolution statistical detection procedures, Proceedings of the 2007 workshop on Large scale attack defense, August 27-27, 2007, Kyoto, Japan
	Bruno Bogaz Zarpelão , Leonardo De Souza Mendes , Mario Lemes Proença, Jr., Anomaly Detection Aiming Pro-Active Management of Computer Network Based on Digital Signature of Network Segment, Journal of Network and Systems Management, v.15 n.2, p.267-283, June 2007
	Hajime Inoue , Dana Jansens , Abdulrahman Hijazi , Anil Somayaji, NetADHICT: a tool for understanding network traffic, Proceedings of the 21st conference on 21st Large Installation System Administration Conference, p.1-9, November 11-16, 2007, Dallas
	Challa S. Sastry , Sanjay Rawat , Arun K. Pujari , V. P. Gulati, Network traffic analysis using singular value decomposition and multiscale transforms, Information Sciences: an International Journal, v.177 n.23, p.5275-5291, December, 2007
	Seong Soo Kim , A. L. Narasimha Reddy, Statistical techniques for detecting traffic anomalies through packet header data, IEEE/ACM Transactions on Networking (TON), v.16 n.3, p.562-575, June 2008
	Harsh Singhal , George Michailidis, Optimal sampling in state space models with applications to network monitoring, ACM SIGMETRICS Performance Evaluation Review, v.36 n.1, June 2008
	Glenn Carl , George Kesidis , Richard R. Brooks , Suresh Rai, Denial-of-Service Attack-Detection Techniques, IEEE Internet Computing, v.10 n.1, p.82-89, January 2006
	Antoine Scherrer , Nicolas Larrieu , Philippe Owezarski , Pierre Borgnat , Patrice Abry, Non-Gaussian and Long Memory Statistical Characterizations for Internet Traffic with Anomalies, IEEE Transactions on Dependable and Secure Computing, v.4 n.1, p.56-70, January 2007
	Fernando Silveira , Christophe Diot, Identifying statistically anomalous regions in time series of network traffic, Proceedings of the 2007 ACM CoNEXT conference, December 10-13, 2007, New York, New York
	Haakon Ringberg , Matthew Roughan , Jennifer Rexford, The need for simulation in evaluating anomaly detectors, ACM SIGCOMM Computer Communication Review, v.38 n.1, January 2008
	Haakon Ringberg , Augustin Soule , Jennifer Rexford, WebClass: adding rigor to manual labeling of traffic anomalies, ACM SIGCOMM Computer Communication Review, v.38 n.1, January 2008
	Harsha V. Madhyastha , Balachander Krishnamurthy, A generic language for application-specific flow sampling, ACM SIGCOMM Computer Communication Review, v.38 n.2, April 2008
	Muhai Li , Ming Li , Xiuying Jiang, DDoS attacks detection model and its application, WSEAS Transactions on Computers, v.7 n.8, p.1159-1168, August 2008
	Harshit Nayyar , Ali A. Ghorbani, Approximate autoregressive modeling for network attack detection, Journal of Computer Security, v.16 n.2, p.165-197, April 2008
	Anirudh Ramachandran , Srinivasan Seetharaman , Nick Feamster , Vijay Vazirani, Fast monitoring of traffic subpopulations, Proceedings of the 8th ACM SIGCOMM conference on Internet measurement, October 20-22, 2008, Vouliagmeni, Greece
	Konstantinos G. Kyriakopoulos , David J. Parish, A system for online compression of high-speed network measurements, International Journal of Internet Protocol Technology, v.3 n.2, p.95-106, September 2008
	George Nychis , Vyas Sekar , David G. Andersen , Hyong Kim , Hui Zhang, An empirical evaluation of entropy-based traffic anomaly detection, Proceedings of the 8th ACM SIGCOMM conference on Internet measurement, October 20-22, 2008, Vouliagmeni, Greece
	Partha Kanuparthy , Constantine Dovrolis , Mostafa Ammar, Spectral probing, crosstalk and frequency multiplexing in internet paths, Proceedings of the 8th ACM SIGCOMM conference on Internet measurement, October 20-22, 2008, Vouliagmeni, Greece
	Xiaowei Yang , David Wetherall , Thomas Anderson, TVA: a DoS-limiting network architecture, IEEE/ACM Transactions on Networking (TON), v.16 n.6, p.1267-1280, December 2008
	Xinming He , Christos Papadopoulos , John Heidemann , Urbashi Mitra , Usman Riaz, Remote detection of bottleneck links using spectral and statistical methods, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.53 n.3, p.279-298, February, 2009
	Muhai Li , Ming Li, A method of run-time detecting DDos attacks, Proceedings of the 12th WSEAS international conference on Computers, p.393-398, July 23-25, 2008, Heraklion, Greece
	Romain Fontugne , Toshio Hirotsu , Kensuke Fukuda, An image processing approach to traffic anomaly detection, Proceedings of the 4th Asian Conference on Internet Engineering, November 18-20, 2008, Pratunam, Bangkok, Thailand
	Harshit Nayyar , Ali A Ghorbani, Approximate autoregressive modeling for network attack detection, Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services, October 30-November 01, 2006, Markham, Ontario, Canada
	Ping Du , Shunji Abe, IP Packet Size Entropy-Based Scheme for Detection of DoS/DDoS Attacks, IEICE - Transactions on Information and Systems, v.E91-D n.5, p.1274-1281, May 2008
	Jouni Viinikka , Hervé Debar , Ludovic Mé , Anssi Lehikoinen , Mika Tarvainen, Processing intrusion detection alert aggregates with time series modeling, Information Fusion, v.10 n.4, p.312-324, October, 2009
	Ajay Mahimkar , Jennifer Yates , Yin Zhang , Aman Shaikh , Jia Wang , Zihui Ge , Cheng Tien Ee, Troubleshooting chronic conditions in large IP networks, Proceedings of the 2008 ACM CoNEXT Conference, p.1-12, December 09-12, 2008, Madrid, Spain
	Ruben D. Torres , Mohammad Y. Hajjat , Sanjay G. Rao , Marco Mellia , Maurizio M. Munafo, Inferring undesirable behavior from P2P traffic analysis, Proceedings of the eleventh international joint conference on Measurement and modeling of computer systems, June 15-19, 2009, Seattle, WA, USA
	Yin Zhang , Matthew Roughan , Walter Willinger , Lili Qiu, Spatio-temporal compressive sensing and internet traffic matrices, ACM SIGCOMM Computer Communication Review, v.39 n.4, October 2009
	Ioannis Ch. Paschalidis , Georgios Smaragdakis, Spatio-temporal network anomaly detection by assessing deviations of empirical measures, IEEE/ACM Transactions on Networking (TON), v.17 n.3, p.685-697, June 2009
	Savio Lau , Ljiljana Trajković, Analysis of traffic data from a hybrid satellite-terrestrial network, The Fourth International Conference on Heterogeneous Networking for Quality, Reliability, Security and Robustness & Workshops, August 14-17, 2007, Vancouver, Canada
	Wei Lu , Ali A. Ghorbani, Network anomaly detection based on wavelet analysis, EURASIP Journal on Advances in Signal Processing, 2009, p.1-16, January 2009
	Chin-Tser Huang , Jeff Janies, An adaptive approach to granular real-time anomaly detection, EURASIP Journal on Advances in Signal Processing, 2009, p.1-13, January 2009