Despite the advances reached along the last 20 years, anomaly detection in network behavior is still an immature technology, and the shortage of commercial tools thus corroborates...
Today’s signature-based intrusion detection systems are reactive in nature and storage-limited. Their operation depends upon catching an instance of an intrusion or virus and en...
Charles R. Haag, Gary B. Lamont, Paul D. Williams,...
When many flows are multiplexed on a non-saturated link, their volume changes over short timescales tend to cancel each other out, making the average change across flows close to ...
Fernando Silveira, Christophe Diot, Nina Taft, Ram...
Many research works address detection and identification of network anomalies using traffic analysis. This paper considers large topologies, such as those of an ISP, with traffic a...
Common practice in anomaly-based intrusion detection assumes that one size fits all: a single anomaly detector should detect all anomalies. Compensation for any performance short...