Advanced search
Publication Cover
Technometrics Volume 55, 2013 - Issue 4
Submit an article Journal homepage
1,045
Views
86
CrossRef citations to date
0
Altmetric
Original Articles

Scan Statistics for the Online Detection of Locally Anomalous Subgraphs

Joshua Neil Advanced Computing Solutions, Los Alamos National Laboratory, Los Alamos, NM, 87545
,
Curtis Hash Advanced Computing Solutions, Los Alamos National Laboratory, Los Alamos, NM, 87545
,
Alexander Brugh Advanced Computing Solutions, Los Alamos National Laboratory, Los Alamos, NM, 87545
,
Mike Fisk Advanced Computing Solutions, Los Alamos National Laboratory, Los Alamos, NM, 87545
&
Curtis B. Storlie Statistical Sciences Group (CCS-6), Los Alamos National Laboratory, Los Alamos, NM, 87545
Pages 403-414 | Received 01 Mar 2012, Published online: 22 Nov 2013

REFERENCES

  • Brownlee , N. , Mills , C. and Ruth , G. 1999 . Traffic Flow Measurement: Architecture (RFC 2722) .
  • Casella , G. and Berger , R. 2001 . Statistical Inference , Pacific Grove , CA : Duxbury Press .
  • Chandola , V. , Banerjee , A. and Kumar , V. 2009 . Anomaly Detection: A Survey . ACM Computing Surveys (CSUR) , 41 : 15
  • Collins , M. and Reiter , M. 2007 . “ Hit-List Worm Detection and Bot Identification in Large Networks Using Protocol Graphs ” . In Recent Advances in Intrusion Detection , 276 – 295 . Springer .
  • Dhamija , R. , Tygar , J. and Hearst , M. 2006 . “ Why Phishing Works ” . In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems , 581 – 590 . ACM .
  • Doucet , A. , De Freitas , N. and Gordon , N. 2001 . Sequential Monte Carlo Methods in Practice , New York : Springer-Verlag .
  • Forrest , S. , Hofmeyr , S. , Somayaji , A. Longstaff , T. 1996 . “ A Sense of Self for Unix Processes ” . In IEEE Symposium on Security and Privacy , 120 – 128 . IEEE Computer Society .
  • Glaz , J. , Naus , J. and Wallenstein , S. 2001 . Scan Statistics , New York : Springer-Verlag .
  • Heard , N. , Weston , D. , Platanioti , K. and Hand , D. 2010 . Bayesian Anomaly Detection Methods for Social Networks . Annals of Applied Statistics , 4 : 645 – 662 .
  • Kolaczyk , E. 2009 . Statistical Analysis of Network Data: Methods and Models , New York : Springer .
  • Kulldorff , M. 1997 . A Spatial Scan Statistic . Communications in Statistics—Theory and Methods , 26 : 1481 – 1496 .
  • Kulldorff , M. 2001 . Prospective Time Periodic Geographical Disease Surveillance Using a Scan Statistic . Journal of the Royal Statistical Society, Series A , 164 : 61 – 72 .
  • Lambert , D. and Liu , C. 2006 . Adaptive Thresholds: Monitoring Streams of Network Counts Online . Journal of the American Statistical Association , 101 : 78 – 88 .
  • Lambert , D. , Pinheiro , J. and Sun , D. 2001 . Estimating Millions of Dynamic Timing Patterns in Real Time . Journal of the American Statistical Association , : 96 – 330 . 316
  • Loader , C. 1991 . Large-Deviation Approximations to the Distribution of Scan Statistics . Advances in Applied Probability , 23 : 751 – 771 .
  • Lu , Q. , Chen , F. and Hancock , K. 2009 . On Path Anomaly Detection in a Large Transportation Network . Computers, Environment and Urban Systems , 33 : 448 – 462 .
  • Lyons , G. 1997 . Network Working Group P. Amsden Request for Comments: 2124 J. Amweg Category: Informational P. Calato S. Bensley .
  • Mukherjee , B. , Heberlein , L. Levitt , K. 1994 . Network Intrusion Detection . IEEE Network , 8 : 26 – 41 .
  • Naus , J. 1982 . Approximations for Distributions of Scan Statistics . Journal of the American Statistical Association , 77 : 177 – 183 .
  • Noble , C. and Cook , D. 2003 . “ Graph-Based Anomaly Detection ” . In Proceedings of the Ninth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining , 631 – 636 . ACM .
  • Phaal , P. , Panchen , S. and McKee , N. 2001 . InMon Corporations sFlow: A Method for Monitoring Traffic in Switched and Routed Networks (RFC 3176) . Technical Report, Internet Engineering Task Force (IETF)
  • Pohlmeier , W. and Ulrich , V. 1995 . An Econometric Model of the Two-Part Decisionmaking Process in the Demand for Health Care . The Journal of Human Resources , 30 : 339 – 361 .
  • Postel , J. 1981 . RFC 791: Internet Protocol .
  • Priebe , C. E. , Conroy , J. M. and Marchette , D. J. 2005 . Scan Statistics on Enron Graphs . Workshop on Link Analysis, Counterterrorism and Security at the SIAM International Conference on Data Mining , Newport Beach, CA
  • Rabiner , L. 1989 . A Tutorial on Hidden Markov Models and Selected Applications in Speech Recognition . Proceedings of the IEEE , 77 : 257 – 286 .
  • Salamatian , K. and Vaton , S. 2001 . “ Hidden Markov Modeling for Network Communication Channels ” . In ACM SIGMETRICS Performance Evaluation Review (Vol. 29) , 92 – 101 . ACM .
  • Stallings , W. 1987 . Handbook of Computer-Communications Standards; Vol. 1: The Open Systems Interconnection (OSI) Model and Osi-Related Standards , London: Macmillan Publishing Co., Inc .
  • Ye , N. 2000 . “ A Markov Chain Model of Temporal Behavior for Anomaly Detection ” . In Proceedings of the 2000 IEEE Systems, Man, and Cybernetics Information Assurance and Security Workshop (Vol. 166) , 169 Oakland .
  • Yeung , D. and Ding , Y. 2003 . Host-Based Intrusion Detection Using Dynamic and Static Behavioral Models . Pattern Recognition , 36 : 229 – 243 .

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.