{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,22]],"date-time":"2026-02-22T07:28:01Z","timestamp":1771745281550,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":104,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642367830","type":"print"},{"value":"9783642367847","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-36784-7_7","type":"book-chapter","created":{"date-parts":[[2013,3,2]],"date-time":"2013-03-02T00:04:20Z","timestamp":1362182660000},"page":"148-183","source":"Crossref","is-referenced-by-count":23,"title":["A Methodological Overview on Anomaly Detection"],"prefix":"10.1007","author":[{"given":"Christian","family":"Callegari","sequence":"first","affiliation":[]},{"given":"Angelo","family":"Coluccia","sequence":"additional","affiliation":[]},{"given":"Alessandro","family":"D\u2019Alconzo","sequence":"additional","affiliation":[]},{"given":"Wendy","family":"Ellens","sequence":"additional","affiliation":[]},{"given":"Stefano","family":"Giordano","sequence":"additional","affiliation":[]},{"given":"Michel","family":"Mandjes","sequence":"additional","affiliation":[]},{"given":"Michele","family":"Pagano","sequence":"additional","affiliation":[]},{"given":"Teresa","family":"Pepe","sequence":"additional","affiliation":[]},{"given":"Fabio","family":"Ricciato","sequence":"additional","affiliation":[]},{"given":"Piotr","family":"Z\u030auraniewski","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"7_CR1","unstructured":"Darpa intrusion detection evaluation data set, http:\/\/www.ll.mit.edu\/mission\/communications\/ist\/corpora\/ideval"},{"key":"7_CR2","unstructured":"Kdd cup (1999), data, http:\/\/kdd.ics.uci.edu\/databases\/kddcup99\/kddcup99.html"},{"key":"7_CR3","first-page":"1027","volume-title":"SODA 2007: Proceedings of the Eighteenth Annual ACM-SIAM Symposium on Discrete Algorithms","author":"D. Arthur","year":"2007","unstructured":"Arthur, D., Vassilvitskii, S.: k-means++: the advantages of careful seeding. In: SODA 2007: Proceedings of the Eighteenth Annual ACM-SIAM Symposium on Discrete Algorithms, pp. 1027\u20131035. Society for Industrial and Applied Mathematics, Philadelphia (2007)"},{"key":"7_CR4","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1145\/637201.637210","volume-title":"Proceedings of the 2nd ACM SIGCOMM Workshop on Internet Measurment, IMW 2002","author":"P. Barford","year":"2002","unstructured":"Barford, P., Kline, J., Plonka, D., Ron, A.: A signal analysis of network traffic anomalies. In: Proceedings of the 2nd ACM SIGCOMM Workshop on Internet Measurment, IMW 2002, pp. 71\u201382. ACM, New York (2002)"},{"key":"7_CR5","doi-asserted-by":"crossref","unstructured":"Borgnat, P., Dewaele, G., Fukuda, K., Abry, P., Cho, K.: Seven years and one day: Sketching the evolution of internet traffic. In: INFOCOM (April 2009)","DOI":"10.1109\/INFCOM.2009.5061979"},{"key":"7_CR6","unstructured":"Bouzida, Y., Cuppens, F., Cuppens-Boulahia, N.A., Gombault, S.N.: Efficient intrusion detection using principal component analysis. In: 3\u00e8me Conf\u00e9rence sur la S\u00e9curit\u00e9 et Architectures R\u00e9seaux, La Londe, France, Juin, RSM - D\u00e9pt. R\u00e9seaux, S\u00e9curit\u00e9 et Multim\u00e9dia (Institut T\u00e9l\u00e9com-T\u00e9l\u00e9com Bretagne) (2004)"},{"issue":"2","key":"7_CR7","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1145\/335191.335388","volume":"29","author":"M.M. Breunig","year":"2000","unstructured":"Breunig, M.M., Kriegel, H.-P., Ng, R.T., Sander, J.: Lof: Identifying density-based local outliers. ACM SIGMOD Record\u00a029(2), 93\u2013104 (2000)","journal-title":"ACM SIGMOD Record"},{"key":"7_CR8","doi-asserted-by":"crossref","unstructured":"Brodsky, B., Darkhovsky, B.: Nonparametric Methods in Change-point Problems. Kluwer (1993)","DOI":"10.1007\/978-94-015-8163-9"},{"key":"7_CR9","first-page":"67","volume-title":"CISDA 2009: Proceedings of the Second IEEE International Conference on Computational Intelligence for Security and Defense Applications","author":"C. Brown","year":"2009","unstructured":"Brown, C., Cowperthwaite, A., Hijazi, A., Somayaji, A.: Analysis of the 1999 darpa\/lincoln laboratory ids evaluation data with netadhict. In: CISDA 2009: Proceedings of the Second IEEE International Conference on Computational Intelligence for Security and Defense Applications, pp. 67\u201373. IEEE Press, Piscataway (2009)"},{"key":"7_CR10","unstructured":"Bucklew, J.: Large Deviation Techniques in Decision, Simulation, andEstimation. Wiley (1985)"},{"issue":"2","key":"7_CR11","doi-asserted-by":"publisher","first-page":"125","DOI":"10.1145\/507052.507054","volume":"20","author":"M. Burgess","year":"2002","unstructured":"Burgess, M., Haugerud, H., Straumsnes, S., Reitan, T.: Measuring system normality. ACM Trans. Comput. Syst.\u00a020(2), 125\u2013160 (2002)","journal-title":"ACM Trans. Comput. Syst."},{"key":"7_CR12","unstructured":"Callegari, C., Gazzarrini, L., Giordano, S., Pagano, M., Pepe, T.: A novel multi time-scales pca-based anomaly detection system. In: 2010 International Symposium on Performance Evaluation of Computer and Telecommunication Systems, SPECTS (2010)"},{"key":"7_CR13","doi-asserted-by":"crossref","unstructured":"Callegari, C., Gazzarrini, L., Giordano, S., Pagano, M., Pepe, T.: When randomness improves the anomaly detection performance. In: Proceedings of 3rd International Symposium on Applied Sciences in Biomedical and Communication Technologies, ISABEL (2010)","DOI":"10.1109\/ISABEL.2010.5702782"},{"key":"7_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"246","DOI":"10.1007\/978-3-540-85500-2_22","volume-title":"Next Generation Teletraffic and Wired\/Wireless Advanced Networking","author":"C. Callegari","year":"2008","unstructured":"Callegari, C., Giordano, S., Pagano, M.: Application of Wavelet Packet Transform to Network Anomaly Detection. In: Balandin, S., Moltchanov, D., Koucheryavy, Y. (eds.) NEW2AN 2008. LNCS, vol.\u00a05174, pp. 246\u2013257. Springer, Heidelberg (2008)"},{"key":"7_CR15","first-page":"331","volume-title":"IWCMC 2010: Proceedings of the 6th International Wireless Communications and Mobile Computing Conference","author":"C. Callegari","year":"2010","unstructured":"Callegari, C., Giordano, S., Pagano, M., Pepe, T.: On the use of sketches and wavelet analysis for network anomaly detection. In: IWCMC 2010: Proceedings of the 6th International Wireless Communications and Mobile Computing Conference, pp. 331\u2013335. ACM, New York (2010)"},{"issue":"8","key":"7_CR16","doi-asserted-by":"publisher","first-page":"692","DOI":"10.1016\/j.cose.2011.08.006","volume":"30","author":"C. Callegari","year":"2011","unstructured":"Callegari, C., Giordano, S., Pagano, M., Pepe, T.: Combining sketches and wavelet analysis for multi time-scale network anomaly detection. Computers & Security\u00a030(8), 692\u2013704 (2011)","journal-title":"Computers & Security"},{"key":"7_CR17","doi-asserted-by":"crossref","unstructured":"Callegari, C., Giordano, S., Pagano, M., Pepe, T.: Detecting heavy change in the heavy hitter distribution of network traffic. In: IWCMC, pp. 1298\u20131303. IEEE Press (2011)","DOI":"10.1109\/IWCMC.2011.5982727"},{"issue":"4","key":"7_CR18","doi-asserted-by":"publisher","first-page":"205","DOI":"10.1504\/IJSNET.2012.047149","volume":"11","author":"C. Callegari","year":"2012","unstructured":"Callegari, C., Giordano, S., Pagano, M., Pepe, T.: Detecting anomalies in backbone network traffic: a performance comparison among several change detection methods. IJSNet\u00a011(4), 205\u2013214 (2012)","journal-title":"IJSNet"},{"issue":"8","key":"7_CR19","doi-asserted-by":"publisher","first-page":"600","DOI":"10.1016\/j.cose.2006.08.017","volume":"25","author":"G. Carl","year":"2006","unstructured":"Carl, G., Brooks, R.R., Rai, S.: Wavelet based denial-of-service detection. Computers & Security\u00a025(8), 600\u2013615 (2006)","journal-title":"Computers & Security"},{"issue":"3","key":"7_CR20","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/1541880.1541882","volume":"41","author":"V. Chandola","year":"2009","unstructured":"Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: A survey. ACM Comput. Surv.\u00a041(3), 15:1\u201315:58 (2009)","journal-title":"ACM Comput. Surv."},{"key":"7_CR21","doi-asserted-by":"crossref","unstructured":"Charikar, M., Chen, K., Farach-Colton, M.: Finding frequent items in data streams. In: Proc. VLDB Endow, pp. 693\u2013703 (2002)","DOI":"10.1007\/3-540-45465-9_59"},{"issue":"3","key":"7_CR22","doi-asserted-by":"publisher","first-page":"289","DOI":"10.1002\/sec.69","volume":"2","author":"V. Chatzigiannakis","year":"2009","unstructured":"Chatzigiannakis, V., Papavassiliou, S., Androulidakis, G.: Improving network anomaly detection effectiveness via an integrated multi-metric-multi-link (m3l) pca-based approach. Security and Communication Networks\u00a02(3), 289\u2013304 (2009)","journal-title":"Security and Communication Networks"},{"key":"7_CR23","doi-asserted-by":"publisher","first-page":"739","DOI":"10.1080\/01621459.1997.10474026","volume":"92","author":"J. Chen","year":"1997","unstructured":"Chen, J., Gupta, A.: Testing and locating variance change points with application to stock prices. J. Am. Statist. Assoc. \u00a092, 739\u2013747 (1997)","journal-title":"J. Am. Statist. Assoc."},{"key":"7_CR24","unstructured":"Cheung-Mon-Chan, P., Clerot, F.: Finding hierarchical heavy hitters with the count min sketch. In: Proceedings of 4th International Workshop on Internet Performance, Simulation, Monitoring and Measurement, IPS-MOME (2006)"},{"issue":"2","key":"7_CR25","doi-asserted-by":"publisher","first-page":"713","DOI":"10.1109\/18.119732","volume":"38","author":"R.R. Coifman","year":"1992","unstructured":"Coifman, R.R., Wickerhauser, M.V.: Entropy-based algorithms for best basis selection. IEEE Transactions on Information Theory\u00a038(2), 713\u2013718 (1992)","journal-title":"IEEE Transactions on Information Theory"},{"key":"7_CR26","doi-asserted-by":"crossref","unstructured":"Cormode, G., Muthukrishnan, S.: What\u2019s hot and what\u2019s not: Tracking most frequent items dynamically. In: Proceedings of ACM Principles of Database Systems, pp. 296\u2013306 (2003)","DOI":"10.1145\/773153.773182"},{"key":"7_CR27","doi-asserted-by":"crossref","unstructured":"Cormode, G., Muthukrishnan, S.: What\u2019s new: Finding significant differences in network data streams. In: Proc. of IEEE Infocom, pp. 1534\u20131545 (2004)","DOI":"10.1109\/INFCOM.2004.1354567"},{"issue":"1","key":"7_CR28","doi-asserted-by":"publisher","first-page":"58","DOI":"10.1016\/j.jalgor.2003.12.001","volume":"55","author":"G. Cormode","year":"2005","unstructured":"Cormode, G., Muthukrishnan, S.: An improved data stream summary: the count-min sketch and its applications. Journal of Algorithms\u00a055(1), 58\u201375 (2005)","journal-title":"Journal of Algorithms"},{"key":"7_CR29","doi-asserted-by":"crossref","unstructured":"Cormode, G., Muthukrishnan, S., Srivastava, D.: Finding hierarchical heavy hitters in data streams. In: Proc. of VLDB, pp. 464\u2013475 (2003)","DOI":"10.1016\/B978-012722442-8\/50048-3"},{"key":"7_CR30","doi-asserted-by":"crossref","unstructured":"Dainotti, A., Pescape, A., Ventre, G.: Wavelet-based detection of dos attacks. In: Proceedings of Global Telecommunications Conference, GLOBECOM 2006, pp. 1\u20136. IEEE (2006)","DOI":"10.1109\/GLOCOM.2006.279"},{"issue":"5","key":"7_CR31","doi-asserted-by":"publisher","first-page":"245","DOI":"10.1002\/nem.747","volume":"20","author":"A. D\u2019Alconzo","year":"2010","unstructured":"D\u2019Alconzo, A., Coluccia, A., Romirer-Maierhofer, P.: Distribution-based anomaly detection in 3g mobile networks: from theory to practice. Int. J. Netw. Manag.\u00a020(5), 245\u2013269 (2010)","journal-title":"Int. J. Netw. Manag."},{"key":"7_CR32","doi-asserted-by":"publisher","first-page":"909","DOI":"10.1002\/cpa.3160410705","volume":"41","author":"I. Daubechies","year":"1988","unstructured":"Daubechies, I.: Orthonormal bases of compactly supported wavelets. Communications on Pure and Applied Mathematics\u00a041, 909\u2013996 (1988)","journal-title":"Communications on Pure and Applied Mathematics"},{"key":"7_CR33","doi-asserted-by":"crossref","unstructured":"Daubechies, I.: Ten lectures on Wavelets. CBMS-NSF Series in Applied Mathematics, vol. 61. SIAM, Philadelphia (1992)","DOI":"10.1137\/1.9781611970104"},{"key":"7_CR34","doi-asserted-by":"crossref","unstructured":"Dembo, A., Zeitouni, O.: Large Deviations Techniques and Applications. Springer (1998)","DOI":"10.1007\/978-1-4612-5320-4"},{"issue":"2","key":"7_CR35","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1109\/TSE.1987.232894","volume":"13","author":"D.E. Denning","year":"1987","unstructured":"Denning, D.E.: An intrusion-detection model. IEEE Transactions on Software Engineering\u00a013(2), 222\u2013232 (1987)","journal-title":"IEEE Transactions on Software Engineering"},{"key":"7_CR36","doi-asserted-by":"publisher","first-page":"145","DOI":"10.1145\/1352664.1352675","volume-title":"LSAD 2007: Proceedings of the 2007 Workshop on Large Scale Attack Defense","author":"G. Dewaele","year":"2007","unstructured":"Dewaele, G., Fukuda, K., Borgnat, P., Abry, P., Cho, K.: Extracting hidden anomalies using sketch and non gaussian multiresolution statistical detection procedures. In: LSAD 2007: Proceedings of the 2007 Workshop on Large Scale Attack Defense, pp. 145\u2013152. ACM, New York (2007)"},{"key":"7_CR37","doi-asserted-by":"publisher","first-page":"686","DOI":"10.1109\/AICCSA.2008.4493603","volume-title":"AICCSA 2008: Proceedings of the 2008 IEEE\/ACS International Conference on Computer Systems and Applications","author":"R. Ensafi","year":"2008","unstructured":"Ensafi, R., Dehghanzadeh, S., Akbarzadeh, T.M.R.: Optimizing fuzzy k-means for network anomaly detection using pso. In: AICCSA 2008: Proceedings of the 2008 IEEE\/ACS International Conference on Computer Systems and Applications, pp. 686\u2013693. IEEE Computer Society, Washington, DC (2008)"},{"key":"7_CR38","unstructured":"Ert\u00f6z, L., Eilertson, E., Lazarevic, A., Tan, P.N., Kumar, V., Srivastava, J.P., Dokas, P.: MINDS - Minnesota Intrusion Detection System. MIT Press (2004)"},{"key":"7_CR39","doi-asserted-by":"crossref","unstructured":"Eskin, E., Arnold, A., Prerau, M., Portnoy, L., Stolfo, S.: A geometric framework for unsupervised anomaly detection: Detecting intrusions in unlabeled data. In: Applications of Data Mining in Computer Security. Kluwer (2002)","DOI":"10.1007\/978-1-4615-0953-0_4"},{"key":"7_CR40","doi-asserted-by":"publisher","first-page":"270","DOI":"10.1145\/859716.859719","volume":"21","author":"C. Estan","year":"2003","unstructured":"Estan, C., Varghese, G.: New directions in traffic measurement and accounting: Focusing on the elephants, ignoring the mice. ACM Transactions on Computer Systems\u00a021, 270\u2013313 (2003)","journal-title":"ACM Transactions on Computer Systems"},{"key":"7_CR41","unstructured":"Ester, M., Kriegel, H.-P., Sander, J., Xu, X.: A density-based algorithm for discovering clusters in large spatial databases with noise, pp. 226\u2013231. AAAI Press (1996)"},{"key":"7_CR42","unstructured":"Fox, K.L., Henning, R.R., Reed, J.H., Simonian, R.P.: A neural network approach towards intrusion detection. In: Proc. 13th National Computer Security Conference. Information Systems Security. Standards - the Key to the Future, vol.\u00a0I, pp. 124\u2013134 (1990)"},{"key":"7_CR43","doi-asserted-by":"crossref","unstructured":"Maier, G., Feldmann, A., Paxson, V., Allman, M.: On dominant characteristics of residential broadband internet traffic. In: IEEE IMC (2009)","DOI":"10.1145\/1644893.1644904"},{"key":"7_CR44","doi-asserted-by":"crossref","unstructured":"Gao, J., Hu, G., Yao, X.: Anomaly detection of network traffic based on wavelet packet (2006)","DOI":"10.1109\/APCC.2006.255840"},{"key":"7_CR45","doi-asserted-by":"publisher","first-page":"185","DOI":"10.1006\/acha.2000.0342","volume":"10","author":"A.C. Gilbert","year":"2001","unstructured":"Gilbert, A.C.: Multiscale analysis and data networks. Applied and Computational Harmonic Analysis\u00a010, 185\u2013202 (2001)","journal-title":"Applied and Computational Harmonic Analysis"},{"issue":"2","key":"7_CR46","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1023\/B:AIRE.0000045502.10941.a9","volume":"22","author":"V. Hodge","year":"2004","unstructured":"Hodge, V., Austin, J.: A survey of outlier detection methodologies. Artif. Intell. Rev.\u00a022(2), 85\u2013126 (2004)","journal-title":"Artif. Intell. Rev."},{"key":"7_CR47","doi-asserted-by":"publisher","first-page":"279","DOI":"10.2307\/2346968","volume":"26","author":"D. Hsu","year":"1977","unstructured":"Hsu, D.: Tests for variance shift at an unknown time point. Appl. Statist.\u00a026, 279\u2013284 (1977)","journal-title":"Appl. Statist."},{"key":"7_CR48","doi-asserted-by":"crossref","unstructured":"Huang, P., Feldmann, A., Willinger, W.: A non-instrusive, wavelet-based approach to detecting network performance problems. In: IMW 2001: Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement, pp. 213\u2013227 (2001)","DOI":"10.1145\/505227.505229"},{"key":"7_CR49","first-page":"913","volume":"89","author":"C. Incl\u00e1n","year":"1994","unstructured":"Incl\u00e1n, C., Tiao, G.: Use of cumulative sums of squares for retrospective detection of changes of variance. J. Am. Statist. Assoc.\u00a089, 913\u2013923 (1994)","journal-title":"J. Am. Statist. Assoc."},{"key":"7_CR50","doi-asserted-by":"crossref","unstructured":"Zaki, M.J., Sequeira, K.: Admit: Anomaly-base data mining for intrusions. In: 8th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (Jul. 2002)","DOI":"10.1145\/775047.775103"},{"key":"7_CR51","doi-asserted-by":"crossref","unstructured":"Karp, R.M., Papadimitriou, C.H., Shenker, S.: A simple algorithm for finding frequent elements in streams and bags. ACM Transactions on Database Systems\u00a028 (2003)","DOI":"10.1145\/762471.762473"},{"key":"7_CR52","unstructured":"Kim, S.S., Narasimha Reddy, A.L., Vannucci, M.: Detecting traffic anomalies using discrete wavelet transform. In: Proceedings of International Conference on Information Networking (ICOIN), Busan, Korea, pp. 1375\u20131384 (2003)"},{"key":"7_CR53","doi-asserted-by":"crossref","unstructured":"Lakhina, A.: Diagnosing network-wide traffic anomalies. In: ACM SIGCOMM, pp. 219\u2013230 (2004)","DOI":"10.1145\/1030194.1015492"},{"key":"7_CR54","doi-asserted-by":"crossref","unstructured":"Lakhina, A., Crovella, M., Diot, C.: Characterization of network-wide anomalies in traffic flows. In: ACM Internet Measurement Conference, pp. 201\u2013206 (2004)","DOI":"10.1145\/1028788.1028813"},{"key":"7_CR55","doi-asserted-by":"crossref","unstructured":"Lakhina, A., Crovella, M., Diot, C.: Mining anomalies using traffic feature distributions. In: ACM SIGCOMM (2005)","DOI":"10.1145\/1080091.1080118"},{"key":"7_CR56","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1145\/1005686.1005697","volume-title":"Proceedings of the Joint International Conference on Measurement and Modeling of Computer Systems, SIGMETRICS 2004\/Performance 2004","author":"A. Lakhina","year":"2004","unstructured":"Lakhina, A., Papagiannaki, K., Crovella, M., Christophe, D., Kolaczyk, E.D., Taft, N.: Structural analysis of network traffic flows. In: Proceedings of the Joint International Conference on Measurement and Modeling of Computer Systems, SIGMETRICS 2004\/Performance 2004, pp. 61\u201372. ACM, New York (2004)"},{"key":"7_CR57","doi-asserted-by":"crossref","unstructured":"Lazarevic, A., Ozgur, A., Ertoz, L., Srivastava, J., Kumar, V.: A comparative study of anomaly detection schemes in network intrusion detection. In: Proceedings of the Third SIAM International Conference on Data Mining (2003)","DOI":"10.1137\/1.9781611972733.3"},{"issue":"1","key":"7_CR58","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/90.282603","volume":"2","author":"W.E. Leland","year":"1994","unstructured":"Leland, W.E., Taqqu, M.S., Willinger, W., Wilson, D.V.: On the self-similar nature of ethernet traffic (extended version). IEEE\/ACM Trans. Netw.\u00a02(1), 1\u201315 (1994)","journal-title":"IEEE\/ACM Trans. Netw."},{"key":"7_CR59","unstructured":"Lin, S.-Y., Liu, J.-C., Zhao, W.: Adaptive cusum for anomaly detection and its application to detect shared congestion. Texas A&M University. Technical Report TAMU-CS-TR-2007-1-2 (2007)"},{"key":"7_CR60","doi-asserted-by":"crossref","unstructured":"Liu, Y., Zhang, L., Guan, Y.: Sketch-based streaming pca algorithm for network-wide traffic anomaly detection. In: Proceedings of International Conference on Distributed Computing Systems (2010)","DOI":"10.1109\/ICDCS.2010.45"},{"key":"7_CR61","doi-asserted-by":"publisher","first-page":"1897","DOI":"10.1214\/aoms\/1177693055","volume":"42","author":"G. Lorden","year":"1971","unstructured":"Lorden, G.: Procedures for reacting to a change in distribution. Ann. Math. Statist.\u00a042, 1897\u20131908 (1971)","journal-title":"Ann. Math. Statist."},{"key":"7_CR62","doi-asserted-by":"crossref","unstructured":"Lu, W., Ghorbani, A.: Network anomaly detection based on wavelet analysis. EURASIP Journal on Advances in Signal Processing (1), 837601 (2009)","DOI":"10.1155\/2009\/837601"},{"issue":"7","key":"7_CR63","doi-asserted-by":"publisher","first-page":"674","DOI":"10.1109\/34.192463","volume":"11","author":"S.G. Mallat","year":"1989","unstructured":"Mallat, S.G.: A theory for multiresolution signal decomposition: The wavelet representation. IEEE Transactions on Pattern Analysis and Machine Intelligence\u00a011(7), 674\u2013693 (1989)","journal-title":"IEEE Transactions on Pattern Analysis and Machine Intelligence"},{"key":"7_CR64","doi-asserted-by":"crossref","unstructured":"Mandjes, M.: Large Deviations for Gaussian Queues. Wiley (2007)","DOI":"10.1002\/9780470515099"},{"key":"7_CR65","doi-asserted-by":"publisher","first-page":"507","DOI":"10.1016\/j.peva.2011.01.008","volume":"68","author":"M. Mandjes","year":"2011","unstructured":"Mandjes, M., Zuraniewski, P.: M\/g\/\u221e transience, and its applications to overload detection. Performance Evaluation\u00a068, 507\u2013527 (2011)","journal-title":"Performance Evaluation"},{"key":"7_CR66","doi-asserted-by":"crossref","unstructured":"Manku, G.S., Motwani, R.: Approximate frequency counts over data streams. In: VLDB, pp. 346\u2013357 (2002)","DOI":"10.1016\/B978-155860869-6\/50038-X"},{"key":"7_CR67","unstructured":"Mata, F., Zuraniewski, P., Mandjes, M., Mellia, M.: Anomaly detection in voip traffic with trends. In: Proceedings of the 24th International Teletraffic Congress (2012)"},{"issue":"7","key":"7_CR68","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1109\/MAES.2010.5546306","volume":"25","author":"S. Matteoli","year":"2010","unstructured":"Matteoli, S., Diani, M., Corsini, G.: A tutorial overview of anomaly detection in hyperspectral images. IEEE Aerospace and Electronic Systems Magazine\u00a025(7), 5\u201328 (2010)","journal-title":"IEEE Aerospace and Electronic Systems Magazine"},{"key":"7_CR69","unstructured":"M\u00fcnz, G., Carle, G.: Application of forecasting techniques and control charts for traffic anomaly detection. In: Proceedings of the 19th ITC Specialist Seminar on Network Usage and Traffic (2008)"},{"key":"7_CR70","unstructured":"Munz, G., Li, S., Carle, G.: Traffic anomaly detection using k-means clustering. In: GI\/ITG-Workshop MMBnet (2007)"},{"key":"7_CR71","first-page":"413","volume-title":"Proceedings of the Annual ACM-SIAM Symposium on Discrete Algorithms","author":"S. Muthukrishnan","year":"2003","unstructured":"Muthukrishnan, S.: Data streams: algorithms and applications. In: Proceedings of the Annual ACM-SIAM Symposium on Discrete Algorithms, pp. 413\u2013413. Society for Industrial and Applied Mathematics, Philadelphia (2003)"},{"key":"7_CR72","series-title":"Lecture Notes in Artificial Intelligence","doi-asserted-by":"publisher","first-page":"255","DOI":"10.1007\/978-3-540-24775-3_33","volume-title":"Advances in Knowledge Discovery and Data Mining","author":"J. Oldmeadow","year":"2004","unstructured":"Oldmeadow, J., Ravinutala, S., Leckie, C.: Adaptive Clustering for Network Intrusion Detection. In: Dai, H., Srikant, R., Zhang, C. (eds.) PAKDD 2004. LNCS (LNAI), vol.\u00a03056, pp. 255\u2013259. Springer, Heidelberg (2004)"},{"key":"7_CR73","doi-asserted-by":"crossref","first-page":"100","DOI":"10.1093\/biomet\/41.1-2.100","volume":"41","author":"E. Page","year":"1954","unstructured":"Page, E.: Continuous inspection scheme. Biometrika\u00a041, 100\u2013115 (1954)","journal-title":"Biometrika"},{"key":"7_CR74","doi-asserted-by":"publisher","first-page":"206","DOI":"10.1214\/aos\/1176346587","volume":"13","author":"M. Pollak","year":"1985","unstructured":"Pollak, M.: Optimal detection of a change in distribution. Ann. Statist.\u00a013, 206\u2013227 (1985)","journal-title":"Ann. Statist."},{"key":"7_CR75","unstructured":"Portnoy, L., Eskin, E., Stolfo, S.J.: Intrusion detection with unlabeled data using clustering. In: Proceedings of ACM CSS Workshop on Data Mining Applied to Security (November 2001)"},{"key":"7_CR76","doi-asserted-by":"crossref","unstructured":"Pukkawanna, S., Fukuda, K.: Combining sketch and wavelet models for anomaly detection. In: 2010 IEEE International Conference on Intelligent Computer Communication and Processing (ICCP), pp. 313\u2013319 (August 2010)","DOI":"10.1109\/ICCP.2010.5606421"},{"issue":"2","key":"7_CR77","doi-asserted-by":"publisher","first-page":"427","DOI":"10.1145\/335191.335437","volume":"29","author":"S. Ramaswamy","year":"2000","unstructured":"Ramaswamy, S., Rastogi, R., Shim, K.: Efficient algorithms for mining outliers from large data sets. SIGMOD Rec.\u00a029(2), 427\u2013438 (2000)","journal-title":"SIGMOD Rec."},{"key":"7_CR78","doi-asserted-by":"crossref","unstructured":"Resnick, S.: Adventures in Stochastic Processes. Birkh\u00e4user (2002)","DOI":"10.1007\/978-1-4612-0387-2"},{"key":"7_CR79","doi-asserted-by":"crossref","unstructured":"Ricciato, F., Coluccia, A., D\u2019Alconzo, A., Veitch, D., Borgnat, P., Abry, P.: On the role of flows and sessions in internet traffic modeling: an explorative toy-model. In: IEEE Globecom (2009)","DOI":"10.1109\/GLOCOM.2009.5425847"},{"issue":"5","key":"7_CR80","doi-asserted-by":"publisher","first-page":"551","DOI":"10.1016\/j.comcom.2009.11.015","volume":"33","author":"F. Ricciato","year":"2010","unstructured":"Ricciato, F., Coluccia, A., D\u2019Alconzo, A.: A review of dos attack models for 3g cellular networks from a system-design perspective. Computer Communications\u00a033(5), 551\u2013558 (2010)","journal-title":"Computer Communications"},{"issue":"1","key":"7_CR81","doi-asserted-by":"publisher","first-page":"109","DOI":"10.1145\/1269899.1254895","volume":"35","author":"H. Ringberg","year":"2007","unstructured":"Ringberg, H., Soule, A., Rexford, J., Diot, C.: Sensitivity of pca for traffic anomaly detection. SIGMETRICS Perform. Eval. Rev.\u00a035(1), 109\u2013120 (2007)","journal-title":"SIGMETRICS Perform. Eval. Rev."},{"issue":"4","key":"7_CR82","doi-asserted-by":"publisher","first-page":"467","DOI":"10.1109\/90.865075","volume":"8","author":"M. Roughan","year":"2000","unstructured":"Roughan, M., Veitch, D., Abry, P.: Real-time estimation of the parameters of long-range dependence. IEEE\/ACM Trans. Netw.\u00a08(4), 467\u2013478 (2000)","journal-title":"IEEE\/ACM Trans. Netw."},{"key":"7_CR83","doi-asserted-by":"crossref","first-page":"207","DOI":"10.1145\/1028788.1028814","volume-title":"Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement, IMC 2004","author":"R. Schweller","year":"2004","unstructured":"Schweller, R., Gupta, A., Parsons, E., Chen, Y.: Reversible sketches for efficient and accurate change detection over network data streams. In: Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement, IMC 2004, pp. 207\u2013212. ACM, New York (2004)"},{"key":"7_CR84","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1137\/1108002","volume":"8","author":"A. Shiryaev","year":"1963","unstructured":"Shiryaev, A.: On optimum methods in quickest detection problems. Theory Probab. Appl.\u00a08, 22\u201346 (1963)","journal-title":"Theory Probab. Appl."},{"key":"7_CR85","doi-asserted-by":"publisher","first-page":"604","DOI":"10.1137\/1109082","volume":"9","author":"A. Shiryaev","year":"1964","unstructured":"Shiryaev, A.: On Markov sufficient statistics in non-additive Bayes problems of sequential analysis. Theory Probab. Appl.\u00a09, 604\u2013618 (1964)","journal-title":"Theory Probab. Appl."},{"key":"7_CR86","unstructured":"Shlens, J.: A tutorial on principal component analysis (December 2005), http:\/\/www.snl.salk.edu\/~shlens\/pub\/notes\/pca.pdf"},{"key":"7_CR87","unstructured":"Shyu, M., Chen, S., Sarinnapakorn, K., Chang, L.: A novel anomaly detection scheme based on principal component classifier. In: In IEEE Foundations and New Directions of Data Mining Workshop, in Conjunction with ICDM 2003, pp. 172\u2013179 (2003)"},{"key":"7_CR88","doi-asserted-by":"crossref","unstructured":"Siegmund, D.: Sequential Analysis. Springer (1985)","DOI":"10.1007\/978-1-4757-1862-1"},{"key":"7_CR89","doi-asserted-by":"publisher","first-page":"128","DOI":"10.1109\/TNSM.2012.031512.110146","volume":"9","author":"A. Sperotto","year":"2012","unstructured":"Sperotto, A., Mandjes, M., Sadre, R., de Boer, P.T., Pras, A.: Autonomic parameter tuning of anomaly-based IDSs: an SSH case study. IEEE Transactions on Network and Service Management\u00a09, 128\u2013141 (2012)","journal-title":"IEEE Transactions on Network and Service Management"},{"key":"7_CR90","doi-asserted-by":"crossref","unstructured":"Subhabrata, B.K., Krishnamurthy, E., Sen, S., Zhang, Y., Chen, Y.: Sketch-based change detection: Methods, evaluation, and applications. In: Internet Measurement Conference, pp. 234\u2013247 (2003)","DOI":"10.1145\/948234.948236"},{"key":"7_CR91","unstructured":"Svoboda, P., Ricciato, F., Hasenleithner, E., Pilz, R.: Composition of gprs\/umts traffic: snapshots from a live network. In: 4th Intl Workshop on Internet Performance, Simulation, Monitoring and Measurement, IPS-MOME 2006, Salzburg (2006)"},{"key":"7_CR92","unstructured":"Tartakovsky, A., Veeravalli, V.: Changepoint detection in multi-channel and distributed systems with applications. In: Applications of Sequential Methodologies, pp. 331\u2013363 (2004)"},{"key":"7_CR93","first-page":"615","volume-title":"SODA 2004: Proceedings of the Fifteenth Annual ACM-SIAM Symposium on Discrete Algorithms","author":"M. Thorup","year":"2004","unstructured":"Thorup, M., Zhang, Y.: Tabulation based 4-universal hashing with applications to second moment estimation. In: SODA 2004: Proceedings of the Fifteenth Annual ACM-SIAM Symposium on Discrete Algorithms, pp. 615\u2013624. Society for Industrial and Applied Mathematics, Philadelphia (2004)"},{"key":"7_CR94","doi-asserted-by":"crossref","unstructured":"Thottan, M., Ji, C.: Anomaly detection in IP networks. IEEE Trans. on Signal Processing 51(8) (August 2003)","DOI":"10.1109\/TSP.2003.814797"},{"key":"7_CR95","series-title":"Computer Communications and Networks","doi-asserted-by":"publisher","first-page":"239","DOI":"10.1007\/978-1-84882-765-3_11","volume-title":"Algorithms for Next Generation Networks","author":"M. Thottan","year":"2010","unstructured":"Thottan, M., Liu, G., Ji, C.: Anomaly detection approaches for communication networks. In: Cormode, G., Thottan, M., Sammes, A.J. (eds.) Algorithms for Next Generation Networks. Computer Communications and Networks, pp. 239\u2013261. Springer, London (2010)"},{"key":"7_CR96","unstructured":"Tolle, J., Niggemann, O.: Supporting intrusion detection by graph clustering and graph drawing. Springer (2000)"},{"key":"7_CR97","unstructured":"Traynor, P., McDaniel, P., La Porta, T.: On attack causality in internet-connected cellular networks. In: USENIX Security (August 2007)"},{"key":"7_CR98","doi-asserted-by":"crossref","unstructured":"Traynor, P., McDaniel, P., La Porta, T.: Security for Telecommunications Networks. Springer (2008)","DOI":"10.1007\/978-0-387-72442-3"},{"key":"7_CR99","unstructured":"Vetterli, M., Kova\u010devic, J.: Wavelets and subband coding. Prentice-Hall, Inc., Upper Saddle River (1995)"},{"key":"7_CR100","doi-asserted-by":"publisher","first-page":"54","DOI":"10.2307\/3215174","volume":"34","author":"L. Wang","year":"1997","unstructured":"Wang, L., Potzelberger, K.: Boundary crossing probability for Brownian motion and general boundaries. J. Appl. Probab.\u00a034, 54\u201365 (1997)","journal-title":"J. Appl. Probab."},{"key":"7_CR101","first-page":"270","volume-title":"ARES 2006: Proceedings of the First International Conference on Availability, Reliability and Security","author":"W. Wang","year":"2006","unstructured":"Wang, W., Battiti, R.: Identifying intrusions in computer networks with principal component analysis. In: ARES 2006: Proceedings of the First International Conference on Availability, Reliability and Security, pp. 270\u2013279. IEEE Computer Society, Washington, DC (2006)"},{"key":"7_CR102","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"657","DOI":"10.1007\/978-3-540-28648-6_105","volume-title":"Advances in Neural Networks - ISNN 2004","author":"W. Wang","year":"2004","unstructured":"Wang, W., Guan, X., Zhang, X.: A Novel Intrusion Detection Method Based on Principle Component Analysis in Computer Security. In: Yin, F.-L., Wang, J., Guo, C. (eds.) ISNN 2004, Part II. LNCS, vol.\u00a03174, pp. 657\u2013662. Springer, Heidelberg (2004)"},{"issue":"2","key":"7_CR103","doi-asserted-by":"publisher","first-page":"442","DOI":"10.1109\/JPROC.2005.862321","volume":"94","author":"H. Yang","year":"2006","unstructured":"Yang, H., Ricciato, F., Lu, S., Zhang, L.: Securing a wireless world. Proceedings of the IEEE\u00a094(2), 442\u2013454 (2006)","journal-title":"Proceedings of the IEEE"},{"key":"7_CR104","unstructured":"Ye, N.: A markov chain model of temporal behavior for anomaly detection. In: Proceedings of the Workshop on Information Assurance and Security (2000)"}],"container-title":["Lecture Notes in Computer Science","Data Traffic Monitoring and Analysis"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-36784-7_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,29]],"date-time":"2025-04-29T22:38:33Z","timestamp":1745966313000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-36784-7_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642367830","9783642367847"],"references-count":104,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-36784-7_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013]]}}}