{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,28]],"date-time":"2025-09-28T20:38:58Z","timestamp":1759091938327},"publisher-location":"London","reference-count":61,"publisher":"Springer London","isbn-type":[{"type":"print","value":"9781848827646"},{"type":"electronic","value":"9781848827653"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-1-84882-765-3_11","type":"book-chapter","created":{"date-parts":[[2010,2,5]],"date-time":"2010-02-05T13:11:27Z","timestamp":1265375487000},"page":"239-261","source":"Crossref","is-referenced-by-count":39,"title":["Anomaly Detection Approaches for Communication Networks"],"prefix":"10.1007","author":[{"given":"Marina","family":"Thottan","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Guanglei","family":"Liu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chuanyi","family":"Ji","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2010,1,20]]},"reference":[{"key":"11_CR1_11","doi-asserted-by":"crossref","unstructured":"Ahmed T., Coates M., Lakhina A.: Multivariate Online Anomaly Detection Using Kernel Recursive Least Squares. Proc. of 26th IEEE International Conference on Computer Communications (2007)","DOI":"10.1109\/INFCOM.2007.79"},{"key":"11_CR2_11","unstructured":"Ahmed T., Oreshkin B., Coates M.: Machine Learning Approaches to Network Anomaly Detection. Proc. of International Measurement Conference (2007)"},{"key":"11_CR3_11","volume-title":"Topology inference from BGP routing dynamics","author":"D Andersen","year":"2002","unstructured":"Andersen D., Feamster N., Bauer S., Balaskrishman H.: Topology inference from BGP routing dynamics. Proc. SIGCOM Internet Measurements Workshop, Marseille, France (2002)"},{"issue":"3","key":"11_CR4_11","doi-asserted-by":"publisher","first-page":"399","DOI":"10.1049\/iet-com:20070231","volume":"2","author":"G Androulidakis","year":"2008","unstructured":"Androulidakis G., Papavassiliou S.: Improving Network Anomaly Detection via Selective Flow-Based Sampling. Communications, IET. Vol. 2, no. 3, 399\u2013409 (2008)","journal-title":"Communications, IET"},{"key":"11_CR5_11","doi-asserted-by":"crossref","unstructured":"Barford P., Kline J., Plonka D., Ron A.: A Signal Analysis of Network Traffic Anomalies. Proc. of the 2nd ACM SIGCOMM Workshop on Internet Measurements, 71\u201382 (2002)","DOI":"10.1145\/637201.637210"},{"key":"11_CR6_11","volume-title":"Finding Hierarchical Heavy Hitters in Data Streams","author":"G Cormode","year":"2003","unstructured":"Cormode G., Korn F., Muthukrishnan S. D., Srivastava D.: Finding Hierarchical Heavy Hitters in Data Streams. Proc. of VLDB, Berlin, Germany (2003)"},{"key":"11_CR7_11","unstructured":"Cormode G., Muthukrishan S.: Improved Data Stream Summaries: The Count-Min Sketch and Its Applications. Tech. Rep. 03-20, DIMACS (2003)"},{"key":"11_CR8_11","doi-asserted-by":"crossref","unstructured":"Cormode G., Johnson T., Korn F., Muthukrishnan S. Spatscheck O., Srivastava D.: Holistic UDAFs at Streaming Speeds. Proc. of ACM SIGMOD, Paris, France (2004)","DOI":"10.1145\/1007568.1007575"},{"key":"11_CR9_11","doi-asserted-by":"crossref","unstructured":"Cormode G., Korn F, Muthukrishnan S., Srivastava D.: Diamond in the Rough: Finding Hierarchical Heavy Hitters in Multi-Dimensional Data. Proc. of ACM SIGMOD, 155\u2013166 (2004)","DOI":"10.1145\/1007568.1007588"},{"issue":"6","key":"11_CR10_11","doi-asserted-by":"publisher","first-page":"1219","DOI":"10.1109\/TNET.2005.860096","volume":"13","author":"G Cormode","year":"2005","unstructured":"Cormode G., Muthukrishnan S.: What\u2019s New: Finding Significant Differences in Network Data Streams. IEEE\/ACM Trans. Netw. 13(6):1219\u20131232 (2005)","journal-title":"IEEE\/ACM Trans. Netw."},{"key":"11_CR11_11","doi-asserted-by":"crossref","unstructured":"Cormode G., Korn. F., Muthukrishnan S., Srivastava D: Finding Hierarchical Heavy Hitters in Streaming Data. ACM Trans. Knowledge Discovery from Data 1(4) (2008)","DOI":"10.1145\/1324172.1324174"},{"key":"11_CR12_11","volume-title":"Early Detection of BGP Instabilities Resulting From Internet Worm Attacks","author":"S Deshpande","year":"2004","unstructured":"Deshpande S., Thottan M., Sikdar B.: Early Detection of BGP Instabilities Resulting From Internet Worm Attacks. Proc. of IEEE Globecom, Dallas, TX (2004)"},{"key":"11_CR13_11","unstructured":"Duda R. O., Hart P., Stork D.: Pattern Classification, 2nd edn. John Willy and Sons (2001)"},{"key":"11_CR14_11","doi-asserted-by":"crossref","unstructured":"Duffield N.G., Lund C., Thorup M.: Properties and Prediction of Flow Statistics from Sampled Packet Streams. Proc. of ACM SIGCOMM Internet Measurement Workshop (2002)","DOI":"10.1145\/637201.637225"},{"key":"11_CR15_11","doi-asserted-by":"crossref","unstructured":"Ensafi R., Dehghanzadeh S., Mohammad R., Akbarzadeh T.: Optimizing Fuzzy K-Means for Network Anomaly Detection Using PSO. Computer Systems and Applications, IEEE\/ACS International Conference, 686\u2013693 (2008)","DOI":"10.1109\/AICCSA.2008.4493603"},{"key":"11_CR16_11","unstructured":"Erjongmanee S., Ji C.: Inferring Internet Service Disruptions upon A Natural Disaster. To appear at 2nd International Workshop on Knowledge Discovery from Sensor Data (2008)"},{"key":"11_CR17_11","volume-title":"New Directions in Traffic Measurement and Accounting","author":"C Estan","year":"2002","unstructured":"Estan C., Varghese G.: New Directions in Traffic Measurement and Accounting. Proc. of ACM SIGCOMM, New York, USA (2002)"},{"key":"11_CR18_11","unstructured":"Gao Y., Li Z., Chen Y.: A DoS Resilient Flow-level Intrusion Detection Approach for High-speed Networks, Proc. of IEEE International Conference on Distributed Computing Systems (2006)"},{"key":"11_CR19_11","doi-asserted-by":"crossref","unstructured":"Gu Y., McCallum A., Towsley D.: Detecting Anomalies in Network Traffic Using Maximum Entropy Estimation. Proc. of IMC (2005)","DOI":"10.1145\/1330107.1330148"},{"key":"11_CR20_11","volume-title":"ACAS: Automated Construction of Application Signatures","author":"P Haffner","year":"2005","unstructured":"Haffner P., Sen S., Spatscheck O., Wang D.: ACAS: Automated Construction of Application Signatures. Proc. of ACM SIGCOMM Workshop on Mining Network Data, Philadelphia, (2005)"},{"issue":"5","key":"11_CR21_11","doi-asserted-by":"publisher","first-page":"1053","DOI":"10.1109\/TNN.2005.853414","volume":"16","author":"H Hajji","year":"2005","unstructured":"Hajji H.: Statistical Analysis of Network Traffic for Adaptive Faults Detection. IEEE Trans. Neural Networks. Vol. 16, no. 5, 1053\u20131063 (2005)","journal-title":"IEEE Trans. Neural Networks. Vol."},{"key":"11_CR22_11","first-page":"515","volume":"1","author":"Q He","year":"2000","unstructured":"He Q., Shayman M.A.: Using Reinforcement Learning for Pro-Active Network Fault Management. Proc. of Communication Technology. Vol. 1, 515\u2013521 (2000)","journal-title":"Proc. of Communication Technology. Vol."},{"issue":"3","key":"11_CR23_11","doi-asserted-by":"publisher","first-page":"333","DOI":"10.1109\/24.664004","volume":"46","author":"CS Hood","year":"1997","unstructured":"Hood C.S., Ji C.: Proactive Network Fault Detection. IEEE Tran. Reliability. Vol. 46 3, 333\u2013341 (1997)","journal-title":"IEEE Tran. Reliability. Vol."},{"key":"11_CR24_11","doi-asserted-by":"crossref","unstructured":"Huang L., Nguyen X., Garofalakis M., Jordan M.I., Joseph A., Taft N.: Communication-Efficient Online Detection of Network-Wide Anomalies. Proc. of 26th Annual IEEE Conference on Computer Communications (2007)","DOI":"10.1109\/INFCOM.2007.24"},{"key":"11_CR25_11","doi-asserted-by":"crossref","unstructured":"Huang Y., Feamster N., Lakhina A., Xu J.: Diagnosing Network Disruptions with Network-Wide Analysis. Proc. of ACM SIGMETRICS (2007)","DOI":"10.1145\/1254882.1254890"},{"key":"11_CR26_11","doi-asserted-by":"crossref","unstructured":"Ide T., Kashima H.: Eigenspace-Based Anomaly Detection in Computer Systems. Proc. of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining, Seattle, 440\u2013449 (2004)","DOI":"10.1145\/1014052.1014102"},{"key":"11_CR27_11","unstructured":"Kim S.S., Reddy A.: Statistical Techniques for Detecting Traffic Anomalies Through Packet Header Data. Accepted by IEEE\/ACM Tran. Networking (2008)"},{"key":"11_CR28_11","doi-asserted-by":"crossref","unstructured":"Kline K., Nam S., Barford P., Plonka D., Ron A.: Traffic Anomaly Detection at Fine Time Scales with Bayes Nets. To appear in the International Conference on Internet Monitoring and Protection (2008)","DOI":"10.1109\/ICIMP.2008.33"},{"key":"11_CR29_11","volume-title":"Sketch-Based Change Detection: Methods, Evaluation, and Applications","author":"B Krishnamurthy","year":"2003","unstructured":"Krishnamurthy B., Sen S., Zhang Y., Chan Y.: Sketch-Based Change Detection: Methods, Evaluation, and Applications. Proc. of ACM SIGCOMM IMC, Florida, USA (2003)"},{"key":"11_CR30_11","doi-asserted-by":"crossref","unstructured":"Lall S., Sekar V., Ogihara M., Xu J., Zhang H.: Data Streaming Algorithms for Estimating Entropy of Network Traffic. Proc. of ACM SIGMETRICS (2006)","DOI":"10.1145\/1140277.1140295"},{"key":"11_CR31_11","doi-asserted-by":"crossref","unstructured":"Lakhina A., Crovella M., Diot C.: Diagnosing Network-Wide Traffic Anomalies. Proc. of ACM SIGCOMM (2004)","DOI":"10.1145\/1015467.1015492"},{"key":"11_CR32_11","doi-asserted-by":"crossref","unstructured":"Lakhina A., Papagiannaki K., Crovella M., Diot C., Kolaczyk E. N., Taft N.: Structural Analysis of Network Traffic Flows. Proc. of ACM SIGMETRICS (2004)","DOI":"10.1145\/1005686.1005697"},{"key":"11_CR33_11","volume-title":"Mining Anomalies Using Traffic Feature Distributions","author":"A Lakhina","year":"2005","unstructured":"Lakhina A., Crovella M., Diot C.: Mining Anomalies Using Traffic Feature Distributions. Proc. of ACM SIGCOMM, Philadelphia, PA (2005)"},{"key":"11_CR34_11","unstructured":"Lee W., Stolfo F., Mok K.W.: A Data Mining Framework for Building Intrusion Detection Models. Proc. of In IEEE Symposium on Security and Privacy (1999)"},{"key":"11_CR35_11","unstructured":"Lee W., Xiang D.: Information-Theoretic Measures for Anomaly Detection. Proc. of IEEE Symposium on Security and Privacy (2001)"},{"key":"11_CR36_11","doi-asserted-by":"crossref","unstructured":"Leland W. E., Taqqu M. S., Willinger W., Wilson D. V.: On the Self-Similar Nature of Ethernet Traffic, Proc. of ACM SIGCOMM (1993)","DOI":"10.1145\/166237.166255"},{"key":"11_CR37_11","doi-asserted-by":"crossref","unstructured":"Mai J., Chuah C., Sridharan A., Ye T., Zang H.: Is Sampled Data Sufficient for Anomaly Detection? Proc. of 6th ACM SIGCOMM conference on Internet measurement, Rio de Janeriro, Brazil. 165\u2013176 (2006)","DOI":"10.1145\/1177080.1177102"},{"issue":"5","key":"11_CR38_11","doi-asserted-by":"publisher","first-page":"1019","DOI":"10.1109\/TNN.2005.853427","volume":"16","author":"M Mandjes","year":"2005","unstructured":"Mandjes M., Saniee I., Stolyar A. L.: Load Characterization and Anomaly Detection for Voice over IP traffic. IEEE Tran. Neural Networks. Vol.16, no. 5, 1019\u20131026 (2005)","journal-title":"IEEE Tran. Neural Networks. Vol."},{"key":"11_CR39_11","volume-title":"Approximate Frequency Counts over Data Streams","author":"GS Manku","year":"2002","unstructured":"Manku G. S., Motwani R.: Approximate Frequency Counts over Data Streams. Proc. of IEEE VLDB, Hong Kong, China (2002)"},{"key":"11_CR40_11","volume-title":"Tan K","author":"RA Maxion","year":"2000","unstructured":"Maxion R. A., Tan K. M. C.: Benchmarking Anomaly-Based Detection Systems. Proc. International Conference on Dependable Systems and Networks (2000)"},{"key":"11_CR41_11","first-page":"151","volume":"8","author":"EL Miller","year":"1997","unstructured":"Miller E. L., Willsky A. S.: Multiscale, Statistical Anomaly Detection Analysis and Algorithms for Linearized Inverse Scattering Problems. Multidimensional Systems and Signal Processing. Vol. 8, 151\u2013184 (1997)","journal-title":"Statistical Anomaly Detection Analysis and Algorithms for Linearized Inverse Scattering Problems. Multidimensional Systems and Signal Processing. Vol."},{"key":"11_CR42_11","unstructured":"Ricciato F., Fleischer W.: Bottleneck Detection via Aggregate Rate Analysis: A Real Case in a 3G Network. Proc. IEEE\/IFIP NOMS (2004)"},{"key":"11_CR43_11","doi-asserted-by":"crossref","unstructured":"Ringberg H., Soule A., Rexford J., Diot C.: Sensitivity of PCA for Traffic Anomaly Detection. Proc. of ACM SIGMETRICS (2007)","DOI":"10.1145\/1254882.1254895"},{"key":"11_CR44_11","doi-asserted-by":"crossref","unstructured":"Rish I., Brodie M., Sheng M., Odintsova N., Beygelzimer A., Grabarnik G., Hernandez K.: Adaptive Diagnosis in Distributed Systems. IEEE Tran. Neural Networks. Vol. 16, No. 5, 1088\u20131109 (2005)","DOI":"10.1109\/TNN.2005.853423"},{"key":"11_CR45_11","volume-title":"Reversible Sketches for Efficient and Accurate Change Detection over Network Data Streams","author":"R Schweller","year":"2004","unstructured":"Schweller R., Gupta A., Parsons E., Chen Y.: Reversible Sketches for Efficient and Accurate Change Detection over Network Data Streams. Proc. of IMC, Italy (2004)"},{"key":"11_CR46_11","doi-asserted-by":"crossref","unstructured":"Schweller R., Li Z., Chen Y., Gao Y., Gupta A., Zhang Y., Dinda P., Kao M., Memik G.: Reverse hashing for High-Speed Network Monitoring: Algorithms, Evaluation, and Applications. Proc. of IEEE INFOCOM (2006)","DOI":"10.1109\/INFOCOM.2006.203"},{"key":"11_CR47_11","doi-asserted-by":"crossref","unstructured":"Soule A., Salamatian K., Taft N.: Combining Filtering and Statistical Methods for Anomaly Detection. Proc. of IMC Workshop (2005)","DOI":"10.1145\/1330107.1330147"},{"issue":"5","key":"11_CR48_11","doi-asserted-by":"publisher","first-page":"809","DOI":"10.1109\/TNET.2004.836121","volume":"12","author":"M Steinder","year":"2004","unstructured":"Steinder M., Sethi A.S.: Probabilistic Fault Localization in Communication Systems Using Belief Networks. IEEE\/ACM Trans. Networking. Vol. 12, No. 5, 809\u2013822 (2004)","journal-title":"IEEE\/ACM Trans. Networking"},{"key":"11_CR49_11","doi-asserted-by":"crossref","unstructured":"Tavallaee M., Lu W., Iqbal S. A., Ghorbani A.: A Novel Covariance Matrix Based Approach for Detecting Network Anomalies. Communication Networks and Services Research Conference (2008)","DOI":"10.1109\/CNSR.2008.80"},{"issue":"8","key":"11_CR50_11","doi-asserted-by":"publisher","first-page":"2191","DOI":"10.1109\/TSP.2003.814797","volume":"51","author":"M Thottan","year":"2003","unstructured":"Thottan M., Ji C.: Anomaly Detection in IP Networks. IEEE Trans. Signal Processing, Special Issue of Signal Processing in Networking, Vol. 51, No. 8, 2191\u20132204 (2003)","journal-title":"IEEE Trans. Signal Processing, Special Issue of Signal Processing in Networking"},{"issue":"5","key":"11_CR51_11","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1109\/65.730748","volume":"12","author":"M Thottan","year":"1998","unstructured":"Thottan M., Ji C.: Proactive Anomaly Detection Using Distributed Intelligent Agents. IEEE Network. Vol. 12, no. 5, 21\u201327 (1998)","journal-title":"IEEE Network. Vol."},{"key":"11_CR52_11","doi-asserted-by":"crossref","unstructured":"Venkataraman S., Song D., Gibbons P., Blum A.: New Streaming Algorithms for Fast Detection of Superspreaders. Proc. of Network and Distributed Systems Security Symposium (2005)","DOI":"10.21236\/ADA461026"},{"key":"11_CR53_11","unstructured":"Venkataraman S., Caballero J., Song D., Blum A., Yates J.: Black-box Anomaly Detection: Is it Utopian?\u201d Proc. of the Fifth Workshop on Hot Topics in Networking (HotNets-V), Irvine, CA (2006)"},{"key":"11_CR54_11","doi-asserted-by":"crossref","unstructured":"Xie Y., Kim H.A., O\u2019Hallaron D. R., Reiter M. K., Zhang H.: Seurat: A Pointillist Approach to Anomaly Detection. Proc. of the International Symposium on Recent Advances in Intrusion Detection (RAID) (2004)","DOI":"10.1007\/978-3-540-30143-1_13"},{"key":"11_CR55_11","unstructured":"Wang H., Zhang D., Shin K. G.: Detecting SYN flooding attacks. Proc. of IEEE INFOCOM (2002)"},{"key":"11_CR56_11","unstructured":"Xu J.: Tutorial on Network Data Streaming. SIGMETRICS (2007)"},{"key":"11_CR57_11","doi-asserted-by":"crossref","unstructured":"Yang Y., Deng F., Yang H.: An Unsupervised Anomaly Detection Approach using Subtractive Clustering and Hidden Markov Model. Communications and Networking in China. 313\u2013316 (2007)","DOI":"10.1109\/CHINACOM.2007.4469390"},{"issue":"2","key":"11_CR58_11","doi-asserted-by":"publisher","first-page":"157","DOI":"10.1109\/TSMCA.2006.889480","volume":"37","author":"DS Yeung","year":"2007","unstructured":"Yeung D. S., Jin S., Wang X.: Covariance-Matrix Modeling and Detecting Various Flooding Attacks. IEEE Tran. Systems, Man and Cybernetics, Part A, vol. 37, no. 2, 157\u2013169 (2007)","journal-title":"IEEE Tran. Systems, Man and Cybernetics, Part A"},{"key":"11_CR59_11","doi-asserted-by":"crossref","unstructured":"Zhang Y., Singh S., Sen S., Duffield N., Lund C.: Online Identification of Hierarchical Heavy Hitters: Algorithms, Evaluation and Applications. Proc. of ACM SIGCOMM conference on Internet measurement. 101\u2013114 (2004)","DOI":"10.1145\/1028788.1028802"},{"key":"11_CR60_11","doi-asserted-by":"crossref","unstructured":"Zhang J., Rexford J., Feigenbaum J.: Learning-Based Anomaly Detection in BGP Updates. Proc. of ACM SIGCOMM MineNet workshop (2005)","DOI":"10.21236\/ADA458902"},{"key":"11_CR61_11","doi-asserted-by":"crossref","unstructured":"Zhang Y., Ge Z., Greenberg A., Roughan M.: Network Anomography. Proc. of ACM\/USENIX Internet Measurement Conference (2005)","DOI":"10.1145\/1330107.1330146"}],"container-title":["Computer Communications and Networks","Algorithms for Next Generation Networks"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-1-84882-765-3_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,25]],"date-time":"2019-05-25T16:24:59Z","timestamp":1558801499000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-1-84882-765-3_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9781848827646","9781848827653"],"references-count":61,"URL":"https:\/\/doi.org\/10.1007\/978-1-84882-765-3_11","relation":{},"ISSN":["1617-7975"],"issn-type":[{"type":"print","value":"1617-7975"}],"subject":[],"published":{"date-parts":[[2010]]}}}