Hunting attacks in the dark: clustering and correlation analysis for unsupervised anomaly detection

Bibliographic Details
Published in: International Journal of Network Management Vol. 25; no. 5; pp. 283-305
Main Authors: Mazel, Johan; Casas, Pedro; Fontugne, Romain; Fukuda, Kensuke; Owezarski, Philippe
Format: Journal Article
Language: English
Published: Chichester Blackwell Publishing Ltd 01.09.2015
Wiley
Wiley Subscription Services, Inc
Series: Measure, Detect and Mitigate - Challenges and Trends in Network Security
ISSN:1055-7148, 1099-1190
Abstract: Network anomalies and attacks represent a serious challenge to ISPs, who need to cope with an increasing number of unknown events that put their networks' integrity at risk. Most of the network anomaly detection systems proposed so far employ a supervised strategy to accomplish their task, using either signature-based detection methods or supervised-learning techniques. The former fails to detect unknown anomalies, exposing the network to severe consequences; the latter requires labeled traffic, which is difficult and expensive to produce. In this paper, we introduce a powerful unsupervised approach to detect and characterize network anomalies in the dark, that is, without relying on signatures or labeled traffic. Unsupervised detection is accomplished by means of robust clustering techniques, combining subspace clustering with correlation analysis to blindly identify anomalies. To alleviate network operator's post-processing tasks and to speed up the deployment of effective countermeasures, anomaly ranking and characterization are automatically performed on the detected events. The system is extensively tested with real traffic from the Widely Integrated Distributed Environment backbone network, spanning 6 years of flows captured from a trans-Pacific link between Japan and the USA, using the MAWILab framework for ground-truth generation. We additionally evaluate the proposed approach with synthetic data, consisting of traffic from an operational network with synthetic attacks. Finally, we compare the performance of the unsupervised detection against different previously used unsupervised detection techniques, as well as against multiple anomaly detectors used in MAWILab. Copyright © 2015 John Wiley & Sons, Ltd.

This article presents an unsupervised approach to detect and characterize network attacks without relying on signatures, training, or labelled traffic. It uses robust unsupervised machine-learning techniques to unveil anomalous patterns in traffic flows, reducing the intervention of a human network operator. Through extensive evaluation, we show that it not only outperforms previous unsupervised detectors but also achieves high detection accuracy, comparable with that of standard supervised approaches. Our results show that unsupervised detection and characterization of attacks is feasible, opening the door to a new generation of autonomous security algorithms.
Author affiliations:
  1. Mazel, Johan: National Institute of Informatics (NII), Tokyo, Japan
  2. Casas, Pedro: The Telecommunications Research Center Vienna (FTW), Vienna, Austria. Correspondence to: Pedro Casas, The Telecommunications Research Center Vienna, Donau-City-Straße 1, A-1220 Vienna, Austria, casas@ftw.at
  3. Fontugne, Romain: National Institute of Informatics (NII), Tokyo, Japan
  4. Fukuda, Kensuke: National Institute of Informatics (NII), Tokyo, Japan
  5. Owezarski, Philippe: CNRS, LAAS, 7 avenue du colonel Roche, F-31077, Toulouse Cedex 4, France
Copyright: © 2015 John Wiley & Sons, Ltd.
Distributed under a Creative Commons Attribution 4.0 International License
DOI: 10.1002/nem.1903
Keywords: Anomaly Correlation; Outliers Detection; Unsupervised Anomaly Detection & Characterization; Filtering Rules; Clustering
Open Access Link: https://laas.hal.science/hal-01927394
PQID 1709694156
PQPubID 2034908
PageCount 23
ParticipantIDs hal_primary_oai_HAL_hal_01927394v1
proquest_miscellaneous_1753510545
proquest_journals_1709694156
crossref_citationtrail_10_1002_nem_1903
crossref_primary_10_1002_nem_1903
wiley_primary_10_1002_nem_1903_NEM1903
nii_cinii_1871991017725156608
istex_primary_ark_67375_WNG_R4SH98W4_T
PublicationCentury 2000
PublicationDate September/October 2015
PublicationDateYYYYMMDD 2015-09-01
PublicationDate_xml – month: 09
  year: 2015
  text: September/October 2015
PublicationDecade 2010
PublicationPlace Chichester
PublicationPlace_xml – name: Chichester
PublicationSeriesTitle Measure, Detect and Mitigate ‐ Challenges and Trends in Network Security
PublicationTitle International Journal of Network Management
PublicationTitleAlternate Int. J. Network Mgmt
PublicationYear 2015
Publisher Blackwell Publishing Ltd
Wiley
Wiley Subscription Services, Inc
Publisher_xml – name: Blackwell Publishing Ltd
– name: Wiley
– name: Wiley Subscription Services, Inc
References Müller E, Günnemann S, Assent I, Seidl T. Evaluating clustering in subspace projections of high dimensional data. Proceedings of VLDB Endowment. 2009; 2: 1270-1281.
Xu K, Zhang ZL, Bhattacharyya S. Internet traffic behavior profiling for network security monitoring. IEEE/ACM Transactions on Networking. 2008; 16(6): 1241-1252.
Moise G, Zimek A, Kröger P, Kriegel HP, Sander J. Subspace and projected clustering: experimental evaluation and analysis. Knowledge and Information Systems. 2009; 21: 299-326.
Strehl A, Ghosh J. Cluster ensembles-a knowledge reuse framework for combining multiple partitions. Journal of Machine Learning Research. 2003; 3: 583-617.
Coluccia A, D'alconzo A, Ricciato F. Distribution-based anomaly detection via generalized likelihood ratio test: A general maximum entropy approach. Computer Networks. 2013; 57(17): 3446-3462.
Brauckhoff D, Dimitropoulos X, Wagner A, Salamatian K. Anomaly extraction in backbone networks using association rules. IEEE/ACM Transactions on Networking. 2012; 20(6): 1788-1799.
Gamer T. Collaborative anomaly-based detection of large-scale internet attacks. Computer Networks. 2012; 56(1): 169-185.
Bhuyan MH, Bhattacharyya DK, Kalita JK. Towards an unsupervised method for network anomaly detection in large datasets. Computing and Informatics. 2014; 33(1): 1-34.
Novakov S, Lung CH, Lambadaris I, Seddigh N. A hybrid technique using PCA and wavelets in network traffic anomaly detection. International Journal of Mobile Computing and Multimedia Communications. 2014; 6(1): 17-53.
Marnerides A, Schaeffer-Filho A, Mauthe A. Traffic anomaly diagnosis in internet backbone networks: a survey. Computer Networks. 2014; 73(0): 224-243.
Cormode G, Muthukrishnan S. What's new: finding significant differences in network data streams. IEEE/ACM Transactions on Networking. 2005; 13: 1219-1232.
Jain AK. Data clustering: 50 years beyond k-means. Pattern Recognition Letters. 2010; 31: 651-666.
Dean J, Ghemawat S. MapReduce: simplified data processing on large clusters. Communications of the ACM. 2008; 51(1): 107-113.
Agrawal R, Gehrke J, Gunopulos D, Raghavan P. Automatic subspace clustering of high dimensional data for data mining applications. SIGMOD Record. 1998; 27(2): 94-105.
Shon T, Moon J. A hybrid machine learning approach to network anomaly detection. Information Sciences. 2007; 177: 3799-3821.
Fred ALN, Jain AK. Combining multiple clusterings using evidence accumulation. IEEE Transactions on Pattern Analysis and Machine Intelligence. 2005; 27: 835-850.
Mirkovic J, Reiher P. A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Computer Communication Review. 2004; 34(2): 39-53.
Kanda Y, Fontugne R, Fukuda K, Sugawara T. ADMIRE: Anomaly detection method using entropy-based PCA with three-step sketches. Computer Communications. 2013; 36(5): 575-588.
Chandola V, Banerjee A, Kumar V. Anomaly detection: a survey. ACM Computing Surveys. 2009; 41(3): 15:1-15:58.
Tellenbach B, Burkhart M, Schatzmann D, Gugelmann D, Sornette D. Accurate network anomaly classification with generalized entropy metrics. Computer Networks. 2011; 55(15): 3485-3502.
Fontugne R, Fukuda K. A Hough-transform-based anomaly detector with an adaptive time interval. ACM SIGAPP Applied Computing Review. 2011; 11(3): 41-51.
Parsons L, Haque E, Liu H. Subspace clustering for high dimensional data: a review. SIGKDD Exploration Newsletter. 2004; 6: 90-105.
Eskin E, Arnold A, Prerau M, Portnoy L, Stolfo S. A geometric framework for unsupervised anomaly detection: detecting intrusions in unlabeled data.Applications of Data Mining in Computer Security. 2002; 6: 77-101.
1998; 27
2010; 31
2009; 41
2009; 21
2012
2011
2010
2002; 6
2008; 16
2009
2008
2011; 11
2007
2011; 55
2004; 6
1996
2005
2004
2003
2002
2005; 27
2008; 51
2012; 56
2013; 36
2001
2000
2013; 57
2007; 177
2004; 34
2003; 3
2015
2014
2013
2014; 73
2009; 2
2014; 6
2012; 20
2014; 33
2005; 13
e_1_2_8_28_1
e_1_2_8_24_1
e_1_2_8_26_1
e_1_2_8_49_1
e_1_2_8_3_1
e_1_2_8_5_1
e_1_2_8_7_1
e_1_2_8_9_1
e_1_2_8_20_1
e_1_2_8_43_1
e_1_2_8_22_1
e_1_2_8_45_1
e_1_2_8_17_1
e_1_2_8_19_1
e_1_2_8_13_1
e_1_2_8_36_1
e_1_2_8_15_1
e_1_2_8_38_1
e_1_2_8_32_1
e_1_2_8_11_1
e_1_2_8_34_1
Bhuyan MH (e_1_2_8_41_1) 2014; 33
e_1_2_8_51_1
e_1_2_8_30_1
e_1_2_8_29_1
e_1_2_8_25_1
e_1_2_8_46_1
e_1_2_8_27_1
e_1_2_8_48_1
e_1_2_8_2_1
e_1_2_8_4_1
e_1_2_8_6_1
e_1_2_8_8_1
e_1_2_8_21_1
e_1_2_8_42_1
e_1_2_8_23_1
e_1_2_8_44_1
e_1_2_8_40_1
e_1_2_8_18_1
e_1_2_8_39_1
e_1_2_8_14_1
e_1_2_8_35_1
e_1_2_8_16_1
e_1_2_8_37_1
Strehl A (e_1_2_8_47_1) 2003; 3
e_1_2_8_10_1
e_1_2_8_31_1
e_1_2_8_12_1
e_1_2_8_33_1
e_1_2_8_52_1
e_1_2_8_50_1
SubjectTerms [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI]
Anomalies
Anomaly Correlation
Clustering
Computer information security
Computer Science
Correlation analysis
Detectors
Filtering Rules
MAWILab
Networking and Internet Architecture
Networks
Outliers Detection
Signatures
Traffic engineering
Traffic flow
Unsupervised Anomaly Detection & Characterization
unsupervised anomaly detection & characterization, clustering, outliers detection, anomaly correlation, filtering rules, MAWILab
Title Hunting attacks in the dark: clustering and correlation analysis for unsupervised anomaly detection
URI https://api.istex.fr/ark:/67375/WNG-R4SH98W4-T/fulltext.pdf
https://cir.nii.ac.jp/crid/1871991017725156608
https://onlinelibrary.wiley.com/doi/abs/10.1002%2Fnem.1903
https://www.proquest.com/docview/1709694156
https://www.proquest.com/docview/1753510545
https://laas.hal.science/hal-01927394
Volume 25