Network anomaly detection through nonlinear analysis
References
Anderson D, et al. Detecting unusual program behavior using the statistical component of the Next-generation Intrusion Detection Expert System (NIDES). Computer Science Laboratory SRI-CSL 95-06, 1995.
Brutlag J. Aberrant behavior detection in time series for network monitoring. USENIX fourteenth system administration conference LISA XIV, 2000.
Barbará, 2001, Detecting novel network intrusions using Bayes estimators
Blazek, 2001, A novel approach to detection of denial-of-service attacks via adaptive sequential and batch-sequential change-point detection methods, 220
Cheng, 2002, Use of spectral analysis in defence against DoS attacks, IEEE GLOBECOM, 2143
Chakraborty, 2004, Self-similar and fractal nature of Internet traffic, Int J Network Manage, 14, 119, 10.1002/nem.512
Casdagli, 1991, State space reconstruction in the presence of noise, Phys D, 51, 52, 10.1016/0167-2789(91)90222-U
Chang
Dainotti, 2006, Wavelet-based detection of DoS attacks
Eckmann, 1985, Ergodic theory of chaos and strange attractors, Rev Mod Phys, 617, 10.1103/RevModPhys.57.617
Eskin, 2002, A geometric framework for unsupervised anomaly detection: detecting intrusions in unlabeled data, Appl Data Mining Computer Security, 10.1007/978-1-4615-0953-0_4
Fraser, 1986, Independent coordinates for strange attractors from mutual information, Phys Rev A, 33, 1134, 10.1103/PhysRevA.33.1134
Garcia-Teodoro, 2009, Anomaly-based network intrusion detection: techniques, systems and challenges, Computers Security, 28, 18, 10.1016/j.cose.2008.08.003
Grassberger, 1983, Characterization of strange attractors, Phys Rev Lett, 50, 10.1103/PhysRevLett.50.346
Gu, 2005, Detecting anomalies in network traffic using maximum entropy estimation
Hall M, Frank E, Holmes G, Pfahringer B, Reutemann P, Witten IH. The WEKA data mining software: an update SIGKDD explorations. 11, 1; 2009.
Hegger, 1999, Practical implementation of non linear time series method: TISEAN package, Chaos, 9, 413, 10.1063/1.166424
Keys, 2001, The architecture of the CoralReef: Internet Traffic monitoring software suite
Kaplan, 1992, Direct test for determinism in a time series, Phys Rev Lett, 68, 427, 10.1103/PhysRevLett.68.427
Kantz, 1994, A robust method to estimate the maximal Lyapunov exponent of a time series, Phys Lett A, 185, 77, 10.1016/0375-9601(94)90991-1
Kennel, 1992, Determining embedding dimension for phase space reconstruction using a geometrical construction, Phys Rev A, 45, 3403, 10.1103/PhysRevA.45.3403
Lin HT, Lin CJ. A study on sigmoid kernels for SVM and the training of non-PSD kernels by SMO-type methods. Technical Report, Neural Computation. Department of Computer Science and Information Engineering, National Taiwan, Taipei, 2003.
Leung, 2005, Unsupervised anomaly detection in network intrusion detection using clusters, Vol. 38
Lakhina, 2004, Diagnosing network-wide traffic anomalies
Lippmann, 2000, Analysis and results of the 1999 DARPA off-line intrusion detection evaluation, Computer Networks, 34, 579, 10.1016/S1389-1286(00)00139-0
McHugh, 2000, The 1998 Lincoln Laboratory IDS Evaluation (A Critique), 145
Mahoney M, Chan PK. PHAD: packet header anomaly detection for identifying hostile network traffic. Florida Tech. technical report 2001-04, 2001.
Mahoney M, Chan PK. Learning models of network traffic for detecting novel attacks. Florida Tech. technical report 2002-08, 2002a.
Mahoney, 2002, Learning nonstationary models of normal network traffic for detecting novel attacks, 376
Mahoney, 2003, Network traffic anomaly detection based on packet bytes, 346
Masugi, 2007, Multi-fractal analysis of IP-network traffic for assessing time variations in scaling properties, Phys D, 225, 119, 10.1016/j.physd.2006.10.015
Marwan, 2007, Recurrence plots for the analysis of complex systems, Phys Reports, 438, 237, 10.1016/j.physrep.2006.11.001
Marwan, 2002, Nonlinear analysis of bivariate data with cross recurrence plots, Phys Lett A, 302, 299, 10.1016/S0375-9601(02)01170-2
Oldmeadow, 2004, Adaptive clustering for network intrusion detection
Paxson, 1995, The failure of Poisson modeling, IEEE/ACM Trans Networking, 3, 226, 10.1109/90.392383
Packard, 1980, Geometry from a time series, Phys Rev Lett, 45, 712, 10.1103/PhysRevLett.45.712
Priestley, 1988
Provenzale, 1992, Distinguishing between low-dimensional dynamics and randomness in measured time series, Phys D, 58, 31, 10.1016/0167-2789(92)90100-2
Ruelle, 1990, Deterministic chaos: the science and the fiction, Proc R Soc Lond A, 427, 241, 10.1098/rspa.1990.0010
RQA 10.1. http://homepages.luc.edu/~cwebber.
Siris, 2004, Application of anomaly detection algorithms for detecting SYN flooding attacks, IEEE GLOBECOM, 2050
Siris, 2004, Application of anomaly detection algorithms for detecting SYN flooding attacks, Global Telecommun Conf, 29, 2050, 10.1109/GLOCOM.2004.1378372
Shin, 2005, D-SAT: detecting SYN flooding attack by two-stage statistical approach, 430
Shumway, 2000
Spade, Silicon Defense, http://www.silicondefense.com/software/spice/.
Sauer, 1991, Embedology, J Stat Phys, 65, 579, 10.1007/BF01053745
Snort: The open-source network intrusion detection system, http://www.snort.org/.
Strozzi F, Gutiérrez E, Noc C, Rossi T, Serati M, Zaldívar JM. Application of non-linear time series analysis techniques to the Nordic spot electricity market data, LIUC Paper 200, 2007.
Tretyakov, 1998, Phase transition pattern in a computer network, Phys A, 253, 315, 10.1016/S0378-4371(97)00659-6
Takayasu, 2000, Dynamic phase transition observed in the Internet traffic flow, Phys A, 277, 248, 10.1016/S0378-4371(99)00499-9
Talpade, 1999, NOMAD: Traffic-based network monitoring framework for anomaly detection, 442
Taqqu, 1997, Is network traffic self-similar or multifractal?, Fractals, 5, 63, 10.1142/S0218348X97000073
Tsai, 2008, Unsupervised anomaly detection using HDG-Clustering algorithm, Lecture Notes Comp Sci, 4985, 356, 10.1007/978-3-540-69162-4_37
Takens, 1981, Detecting strange attractors in fluid turbulence, 366
Vapnik, 1995
Washington, 2003
Witten, 2005
Webber, 1994, Dynamical assessment of physiological system and status using recurrence plot strategies, J Appl Physiol, 76, 965, 10.1152/jappl.1994.76.2.965
Zbilut, 1992, Embeddings and delays as derived from recurrence quantification analysis, Phys Lett A, 171, 199, 10.1016/0375-9601(92)90426-M
Zbilut, 1998, Recurrence quantification analysis and principal components in the detection of short complex signals, Phys Lett A, 237, 131, 10.1016/S0375-9601(97)00843-8