[1] M. Thottan and C. Y. Ji, “Anomaly detection in IP networks,” IEEE Transactions on Signal Processing, 51(8): pp. 2191–2204, 2003.
[2] M. Roesch, “Snort-lightweight intusion detection for networks,” in USENIX LISA 1999, Seattle, WA, November 1999.
[3] P. Barford et al., “A signal analysis of network traffic anomalies,” in ACM SIGCOMM Internet Measurement Workshop, November 2002.
[4] A. Hussein, J. Heidemann, and C. Papadopoulus, “A framework for classifying denial of service attacks,” in ACM SIGCOMM, August 2003.
[5] A. Lakhina, M. Crovella, and C. Diot, “Diagnosing network-wide traffic anomalies,” in ACM SIGCOMM, September 2004.
[6] D. Plonka, “FlowScan: A network traffic flow reporting and visualization tool,” in USENIX LISA 2000, New Orleans, LA, December 2000.
[7] J. Mirkovic, G. Prier, and P. Reiher, “Attacking DDoS at the source,” in IEEE International Conference on Network Protocols, November 2002.
[8] A. Garg and A. L. N. Reddy, “Mitigation of DoS attacks through QoS regulation,” in Proceedings of IWQOS, May 2002.
[9] J. Ioannidis and S. M. Bellovin, “Implementing pushback: Router-based defense against DDoS attacks,” in Proceedings of Network and Distributed System Security Symposium, February 2002.
[10] Y. Zhang, L. Breslau, V. Paxson, and S. Shenker, “On the characteristics and origins of internet flow rates,” in ACMSIGCOMM, August 2002.
[11] Smitha, I. Kim, and A. L. N. Reddy, “Identifying long term high rate flows at a router,” in Proceedings of High Performance Computing, December 2001.
[12] I. Kim, “Analyzing network traces to identify long-term high rate flows,” M. S. thesis, TAMU-ECE-2001-02, May 2001.
[13] R. Mahajan, et al., “Controlling high bandwidth aggregates in the network,” ACM Computer Communication Review, Vol. 32, No. 3, July 2002.
[14] C. Estan and G. Varghese, “New directions in traffic measurement and accounting,” in ACM SIGCOMM, August 2002.
[15] A. Medina et al., “Traffic matrix estimation: Existing techniques and new directions,” in ACM SIGCOMM, August 2002.
[16] D. Tong and A. L. N. Reddy, “QOS enhancement with partial state,” in Proceedings of IWQOS, June 1999.
[17] Packeteer, “PacketShaper Express,” white paper, 2003, http://www. packeteer. Com / resources / prod-sol/Xpress_ Whitepaper.pdf.
[18] S. Floyd, S. Bellovin, J. Ioannidis, K. Kompella, R. Mahajan, and V. Paxson, “Pushback messages for controlling aggregates in the network,” IETF Internet draft, work in progress, July 2001.
[19] S. Savage, D. Whetherall, A. Karlin, and T. Anderson, “Practical network support for IP traceback,” in ACM SIGCOMM, 2000.
[20] S. S. Kim and A. L. N. Reddy, “Statistical techniques for detecting traffic anomalies through packet header data,” IEEE/ACM Transaction on Networking, Vol. 16, No. 3, pp. 562–575, June 2008.
[21] A. Kuzmanovic and E. Knightly, “Low-rate TCP-targeted denial of service attacks,” in ACM SIGCOMM, Karlsruhe, Germany, August 2003.
[22] A. Feldmann, A. Gilbert, P. Huang, and W. Willinger, “Dynamics of IP traffic: A study of the role of variability and the impact of control,” ACM Computer Communication Review, Vol. 29, No. 4, pp. 301–313, 1999.
[23] C. M. Cheng, H. T. Kung, and K. S. Tan, “Use of spectral analysis in defense against DoS attacks,” in IEEE Globecom, 2002.
[24] J. B. D. Cabrera, L. Lewis, and X. Z. Qin, “Proactive detection of distributed denial of service attacks using MIB traffic variables–a feasibility study,” IEEE Transactions on Signal Processing, 49(6): pp. 609–622, 2001.
[25] S. Wang, L. C. Sun, and G. Z. Gan, “Application research based on Granger causality test for attack detection,” Computer Applications, 25 (6): pp. 1282–1285, 2005.
[26] F. Zhang and J. Hellerstein, “An approach to on-line predictive detection,” in proceedings of the Eighth International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunications Systems, San Francisco, CA, IEEE Computer Society, pp. 549–556 August 2000.
[27] J. Hamilton, “Time series analysis,” Princeton University Press, 1994.
[28] B. X. Zou and Z. Q. Yao, “A method to stabilize network traffic,” Journal of China Institute of Communications, 25(8): pp. 14–23, 2004.
[29] P. J. Criscuolo, “Distribution denial of service — trin00, tribe flood network, tribe flood network 2000, and stacheldraht,” CIAC–2319, Department of Energy — CIAC (Computer Incident Advisory Capacity), 2000.