M. Thottan and C. Y. Ji, “Anomaly detection in IP networks,” IEEE Transactions on Signal Processing, 51(8): pp. 2191–2204, 2003.
 M. Roesch, “Snort-lightweight intusion detection for networks,” in USENIX LISA 1999, Seattle, WA, November 1999.
 P. Barford et al., “A signal analysis of network traffic anomalies,” in ACM SIGCOMM Internet Measurement Workshop, November 2002.
 A. Hussein, J. Heidemann, and C. Papadopoulus, “A framework for classifying denial of service attacks,” in ACM SIGCOMM, August 2003.
 A. Lakhina, M. Crovella, and C. Diot, “Diagnosing network-wide traffic anomalies,” in ACM SIGCOMM, September 2004.
 D. Plonka, “FlowScan: A network traffic flow reporting and visualization tool,” in USENIX LISA 2000, New Orleans, LA, December 2000.
 J. Mirkovic, G. Prier, and P. Reiher, “Attacking DDoS at the source,” in IEEE International Conference on Network Protocols, November 2002.
 A. Garg and A. L. N. Reddy, “Mitigation of DoS attacks through QoS regulation,” in Proceedings of IWQOS, May 2002.
 J. Ioannidis and S. M. Bellovin, “Implementing pushback: Router-based defense against DDoS attacks,” in Proceedings of Network and Distributed System Security Symposium, February 2002.
 Y. Zhang, L. Breslau, V. Paxson, and S. Shenker, “On the characteristics and origins of internet flow rates,” in ACMSIGCOMM, August 2002.
 Smitha, I. Kim, and A. L. N. Reddy, “Identifying long term high rate flows at a router,” in Proceedings of High Performance Computing, December 2001.
 I. Kim, “Analyzing network traces to identify long-term high rate flows,” M. S. thesis, TAMU-ECE-2001-02, May 2001.
 R. Mahajan, et al., “Controlling high bandwidth aggregates in the network,” ACM Computer Communication Review, Vol. 32, No. 3, July 2002.
 C. Estan and G. Varghese, “New directions in traffic measurement and accounting,” in ACM SIGCOMM, August 2002.
 A. Medina et al., “Traffic matrix estimation: Existing techniques and new directions,” in ACM SIGCOMM, August 2002.
 D. Tong and A. L. N. Reddy, “QOS enhancement with partial state,” in Proceedings of IWQOS, June 1999.
 Packeteer, “PacketShaper Express,” white paper, 2003, http://www. packeteer. Com / resources / prod-sol/Xpress_ Whitepaper.pdf.
 S. Floyd, S. Bellovin, J. Ioannidis, K. Kompella, R. Mahajan, and V. Paxson, “Pushback messages for controlling aggregates in the network,” IETF Internet draft, work in progress, July 2001.
 S. Savage, D. Whetherall, A. Karlin, and T. Anderson, “Practical network support for IP traceback,” in ACM SIGCOMM, 2000.
 S. S. Kim and A. L. N. Reddy, “Statistical techniques for detecting traffic anomalies through packet header data,” IEEE/ACM Transaction on Networking, Vol. 16, No. 3, pp. 562–575, June 2008.
 A. Kuzmanovic and E. Knightly, “Low-rate TCP-targeted denial of service attacks,” in ACM SIGCOMM, Karlsruhe, Germany, August 2003.
 A. Feldmann, A. Gilbert, P. Huang, and W. Willinger, “Dynamics of IP traffic: A study of the role of variability and the impact of control,” ACM Computer Communication Review, Vol. 29, No. 4, pp. 301–313, 1999.
 C. M. Cheng, H. T. Kung, and K. S. Tan, “Use of spectral analysis in defense against DoS attacks,” in IEEE Globecom, 2002.
 J. B. D. Cabrera, L. Lewis, and X. Z. Qin, “Proactive detection of distributed denial of service attacks using MIB traffic variables–a feasibility study,” IEEE Transactions on Signal Processing, 49(6): pp. 609–622, 2001.
 S. Wang, L. C. Sun, and G. Z. Gan, “Application research based on Granger causality test for attack detection,” Computer Applications, 25 (6): pp. 1282–1285, 2005.
 F. Zhang and J. Hellerstein, “An approach to on-line predictive detection,” in proceedings of the Eighth International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunications Systems, San Francisco, CA, IEEE Computer Society, pp. 549–556 August 2000.
 J. Hamilton, “Time series analysis,” Princeton University Press, 1994.
 B. X. Zou and Z. Q. Yao, “A method to stabilize network traffic,” Journal of China Institute of Communications, 25(8): pp. 14–23, 2004.
 P. J. Criscuolo, “Distribution denial of service — trin00, tribe flood network, tribe flood network 2000, and stacheldraht,” CIAC–2319, Department of Energy — CIAC (Computer Incident Advisory Capacity), 2000.