[1]
|
M. Thottan and C. Y. Ji, “Anomaly detection in IP networks,” IEEE Transactions on Signal Processing, 51(8): pp. 2191–2204, 2003.
|
[2]
|
M. Roesch, “Snort-lightweight intusion detection for networks,” in USENIX LISA 1999, Seattle, WA, November 1999.
|
[3]
|
P. Barford et al., “A signal analysis of network traffic anomalies,” in ACM SIGCOMM Internet Measurement Workshop, November 2002.
|
[4]
|
A. Hussein, J. Heidemann, and C. Papadopoulus, “A framework for classifying denial of service attacks,” in ACM SIGCOMM, August 2003.
|
[5]
|
A. Lakhina, M. Crovella, and C. Diot, “Diagnosing network-wide traffic anomalies,” in ACM SIGCOMM, September 2004.
|
[6]
|
D. Plonka, “FlowScan: A network traffic flow reporting and visualization tool,” in USENIX LISA 2000, New Orleans, LA, December 2000.
|
[7]
|
J. Mirkovic, G. Prier, and P. Reiher, “Attacking DDoS at the source,” in IEEE International Conference on Network Protocols, November 2002.
|
[8]
|
A. Garg and A. L. N. Reddy, “Mitigation of DoS attacks through QoS regulation,” in Proceedings of IWQOS, May 2002.
|
[9]
|
J. Ioannidis and S. M. Bellovin, “Implementing pushback: Router-based defense against DDoS attacks,” in Proceedings of Network and Distributed System Security Symposium, February 2002.
|
[10]
|
Y. Zhang, L. Breslau, V. Paxson, and S. Shenker, “On the characteristics and origins of internet flow rates,” in ACMSIGCOMM, August 2002.
|
[11]
|
Smitha, I. Kim, and A. L. N. Reddy, “Identifying long term high rate flows at a router,” in Proceedings of High Performance Computing, December 2001.
|
[12]
|
I. Kim, “Analyzing network traces to identify long-term high rate flows,” M. S. thesis, TAMU-ECE-2001-02, May 2001.
|
[13]
|
R. Mahajan, et al., “Controlling high bandwidth aggregates in the network,” ACM Computer Communication Review, Vol. 32, No. 3, July 2002.
|
[14]
|
C. Estan and G. Varghese, “New directions in traffic measurement and accounting,” in ACM SIGCOMM, August 2002.
|
[15]
|
A. Medina et al., “Traffic matrix estimation: Existing techniques and new directions,” in ACM SIGCOMM, August 2002.
|
[16]
|
D. Tong and A. L. N. Reddy, “QOS enhancement with partial state,” in Proceedings of IWQOS, June 1999.
|
[17]
|
Packeteer, “PacketShaper Express,” white paper, 2003, http://www. packeteer. Com / resources / prod-sol/Xpress_ Whitepaper.pdf.
|
[18]
|
S. Floyd, S. Bellovin, J. Ioannidis, K. Kompella, R. Mahajan, and V. Paxson, “Pushback messages for controlling aggregates in the network,” IETF Internet draft, work in progress, July 2001.
|
[19]
|
S. Savage, D. Whetherall, A. Karlin, and T. Anderson, “Practical network support for IP traceback,” in ACM SIGCOMM, 2000.
|
[20]
|
S. S. Kim and A. L. N. Reddy, “Statistical techniques for detecting traffic anomalies through packet header data,” IEEE/ACM Transaction on Networking, Vol. 16, No. 3, pp. 562–575, June 2008.
|
[21]
|
A. Kuzmanovic and E. Knightly, “Low-rate TCP-targeted denial of service attacks,” in ACM SIGCOMM, Karlsruhe, Germany, August 2003.
|
[22]
|
A. Feldmann, A. Gilbert, P. Huang, and W. Willinger, “Dynamics of IP traffic: A study of the role of variability and the impact of control,” ACM Computer Communication Review, Vol. 29, No. 4, pp. 301–313, 1999.
|
[23]
|
C. M. Cheng, H. T. Kung, and K. S. Tan, “Use of spectral analysis in defense against DoS attacks,” in IEEE Globecom, 2002.
|
[24]
|
J. B. D. Cabrera, L. Lewis, and X. Z. Qin, “Proactive detection of distributed denial of service attacks using MIB traffic variables–a feasibility study,” IEEE Transactions on Signal Processing, 49(6): pp. 609–622, 2001.
|
[25]
|
S. Wang, L. C. Sun, and G. Z. Gan, “Application research based on Granger causality test for attack detection,” Computer Applications, 25 (6): pp. 1282–1285, 2005.
|
[26]
|
F. Zhang and J. Hellerstein, “An approach to on-line predictive detection,” in proceedings of the Eighth International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunications Systems, San Francisco, CA, IEEE Computer Society, pp. 549–556 August 2000.
|
[27]
|
J. Hamilton, “Time series analysis,” Princeton University Press, 1994.
|
[28]
|
B. X. Zou and Z. Q. Yao, “A method to stabilize network traffic,” Journal of China Institute of Communications, 25(8): pp. 14–23, 2004.
|
[29]
|
P. J. Criscuolo, “Distribution denial of service — trin00, tribe flood network, tribe flood network 2000, and stacheldraht,” CIAC–2319, Department of Energy — CIAC (Computer Incident Advisory Capacity), 2000.
|