Detecting scanning in Internet traffic is a well-studied topic with no single, definitive approach. Among the proposed methods are two which are widely accepted, but with known limitations: one based on a static fanout ratio, and another on principal component analysis (PCA). We introduce a two-step procedure based on Functional PCA and k-means clustering which we argue provides significantly better robustness and data-driven applicability. We validate and compare using synthetic datasets with ground truth about anomalies on FTP and HTTP port traffic flows; our method identifies all scanners. We also compare approaches using NTP flow data prior to a reflective DDoS attack in 2014, providing a real-world example to illustrate the deficienc...
Malicious agents like self-propagating worms often rely on port and/or address scanning to discover ...
Frequently, port scans are early indicators of more serious attacks. Unfortunately, the detection of...
Adversaries are always probing for vulnerable spots on the Internet so they can attack their target....
Detecting anomalous traffic is a crucial part of managing IP networks. In recent years, network-wide...
The rising complexity of network anomalies necessitates increased attention to developing new techni...
The dataset is first analyzed on a basic level by looking at the correlations between number of measu...
Scans are often used by adversaries to determine the potential weaknesses in a target network or sys...
Nowadays, the Internet has serious security problems and network failures that are hard to resolve, for...
We introduce a novel real time anomaly intrusion detection method using a mult...
Abstract—Robust statistics is a branch of statistics which includes statistical methods capable of d...
Research into network anomaly detection has become crucial as a result of a significant increase in ...
The crucial future role of Internet in society makes of network monitoring a c...
In every network, traffic anomaly detection system is an essential field of study. In the communicat...