2003
DOI: 10.1109/tsp.2003.814797

Anomaly detection in IP networks

Abstract: Network anomaly detection is a vibrant research area. Researchers have approached this problem using various techniques such as artificial intelligence, machine learning, and state machine modeling. In this paper, we first review these anomaly detection methods and then describe in detail a statistical signal processing technique based on abrupt change detection. We show that this signal processing technique is effective at detecting several network anomalies. Case studies from real network data that demonstra…

Cited by 456 publications (286 citation statements)
References 36 publications
“…Different from these algorithms, we formulate the task as an optimization problem and incorporate different misclassification cost into its objective function, considering links between hosts and domains. Network anomaly detection [5,12,13,15,19,21] has attracted much attention. These algorithms adopt different data mining techniques to learn models on hosts and domains separately.…”
Section: Related Work
mentioning
confidence: 99%
“…An important task is to judge whether a host/domain is malicious or benign (i.e., negative or positive labels). To learn their labels, existing approaches [5,12,13,15,16,19,21] usually train two different models on hosts and domains, separately. Among these approaches, classification algorithms [1,2,3,9,10,17] are widely used to detect if a host/domain is malicious.…”
mentioning
confidence: 99%
“…Anomalies appear due to network intrusions and attacks, but also because of malfunctioning devices or network overloads. According to Thottan and Ji (2003), we define an anomaly as any circumstance that makes network traffic deviate from normal behaviour. Since we work with labeled data, we consider an anomaly any vector not labeled as normal traffic in the database, i.e.…”
Section: Network Data For Anomaly Detection
mentioning
confidence: 99%
“…The concept of anomaly detection is to detect something which is different from the knowledge provided [3][4][5][6][7], with the system detecting everything not in its knowledge base as anomalous. More specifically, this genre of approaches relies on the normal traffic activity profile to build the knowledge base and consider activities which deviate from this baseline profile as anomalous.…”
Section: Introduction
mentioning
confidence: 99%