REFERENCES
- Brownlee , N. , Mills , C. and Ruth , G. 1999 . Traffic Flow Measurement: Architecture (RFC 2722) .
- Casella , G. and Berger , R. 2001 . Statistical Inference , Pacific Grove , CA : Duxbury Press .
- Chandola , V. , Banerjee , A. and Kumar , V. 2009 . Anomaly Detection: A Survey . ACM Computing Surveys (CSUR) , 41 : 15
- Collins , M. and Reiter , M. 2007 . “ Hit-List Worm Detection and Bot Identification in Large Networks Using Protocol Graphs ” . In Recent Advances in Intrusion Detection , 276 – 295 . Springer .
- Dhamija , R. , Tygar , J. and Hearst , M. 2006 . “ Why Phishing Works ” . In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems , 581 – 590 . ACM .
- Doucet , A. , De Freitas , N. and Gordon , N. 2001 . Sequential Monte Carlo Methods in Practice , New York : Springer-Verlag .
- Forrest , S. , Hofmeyr , S. , Somayaji , A. Longstaff , T. 1996 . “ A Sense of Self for Unix Processes ” . In IEEE Symposium on Security and Privacy , 120 – 128 . IEEE Computer Society .
- Glaz , J. , Naus , J. and Wallenstein , S. 2001 . Scan Statistics , New York : Springer-Verlag .
- Heard , N. , Weston , D. , Platanioti , K. and Hand , D. 2010 . Bayesian Anomaly Detection Methods for Social Networks . Annals of Applied Statistics , 4 : 645 – 662 .
- Kolaczyk , E. 2009 . Statistical Analysis of Network Data: Methods and Models , New York : Springer .
- Kulldorff , M. 1997 . A Spatial Scan Statistic . Communications in Statistics—Theory and Methods , 26 : 1481 – 1496 .
- Kulldorff , M. 2001 . Prospective Time Periodic Geographical Disease Surveillance Using a Scan Statistic . Journal of the Royal Statistical Society, Series A , 164 : 61 – 72 .
- Lambert , D. and Liu , C. 2006 . Adaptive Thresholds: Monitoring Streams of Network Counts Online . Journal of the American Statistical Association , 101 : 78 – 88 .
- Lambert , D. , Pinheiro , J. and Sun , D. 2001 . Estimating Millions of Dynamic Timing Patterns in Real Time . Journal of the American Statistical Association , : 96 – 330 . 316
- Loader , C. 1991 . Large-Deviation Approximations to the Distribution of Scan Statistics . Advances in Applied Probability , 23 : 751 – 771 .
- Lu , Q. , Chen , F. and Hancock , K. 2009 . On Path Anomaly Detection in a Large Transportation Network . Computers, Environment and Urban Systems , 33 : 448 – 462 .
- Lyons , G. 1997 . Network Working Group P. Amsden Request for Comments: 2124 J. Amweg Category: Informational P. Calato S. Bensley .
- Mukherjee , B. , Heberlein , L. Levitt , K. 1994 . Network Intrusion Detection . IEEE Network , 8 : 26 – 41 .
- Naus , J. 1982 . Approximations for Distributions of Scan Statistics . Journal of the American Statistical Association , 77 : 177 – 183 .
- Noble , C. and Cook , D. 2003 . “ Graph-Based Anomaly Detection ” . In Proceedings of the Ninth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining , 631 – 636 . ACM .
- Phaal , P. , Panchen , S. and McKee , N. 2001 . InMon Corporations sFlow: A Method for Monitoring Traffic in Switched and Routed Networks (RFC 3176) . Technical Report, Internet Engineering Task Force (IETF)
- Pohlmeier , W. and Ulrich , V. 1995 . An Econometric Model of the Two-Part Decisionmaking Process in the Demand for Health Care . The Journal of Human Resources , 30 : 339 – 361 .
- Postel , J. 1981 . RFC 791: Internet Protocol .
- Priebe , C. E. , Conroy , J. M. and Marchette , D. J. 2005 . Scan Statistics on Enron Graphs . Workshop on Link Analysis, Counterterrorism and Security at the SIAM International Conference on Data Mining , Newport Beach, CA
- Rabiner , L. 1989 . A Tutorial on Hidden Markov Models and Selected Applications in Speech Recognition . Proceedings of the IEEE , 77 : 257 – 286 .
- Salamatian , K. and Vaton , S. 2001 . “ Hidden Markov Modeling for Network Communication Channels ” . In ACM SIGMETRICS Performance Evaluation Review (Vol. 29) , 92 – 101 . ACM .
- Stallings , W. 1987 . Handbook of Computer-Communications Standards; Vol. 1: The Open Systems Interconnection (OSI) Model and Osi-Related Standards , London: Macmillan Publishing Co., Inc .
- Ye , N. 2000 . “ A Markov Chain Model of Temporal Behavior for Anomaly Detection ” . In Proceedings of the 2000 IEEE Systems, Man, and Cybernetics Information Assurance and Security Workshop (Vol. 166) , 169 Oakland .
- Yeung , D. and Ding , Y. 2003 . Host-Based Intrusion Detection Using Dynamic and Static Behavioral Models . Pattern Recognition , 36 : 229 – 243 .