
ONTIC: D5.4: Use Case #1 Network Intrusion Detection


Academic year: 2021


Figure

Figure 1: Dashboard UML Use Case Model.
Figure 2 represents the high-level working schema of the UC #1 system. PCAP files, containing traffic traces, provide input to both subsystems − the anomaly detection and the dashboard subsystems
Figure 3: UC #1 Dashboard Functional View
Figure 4: UML specification of UC #1 on anomaly detection

Related documents

The reason is that streaming flows have intrinsic durations and thus volumes proportional to their rate: in the limiting case where the elastic traffic intensity alone is close

Index Terms: Anomaly Detection, Support Vector Machines (SVMs), One-Class SVMs, Unsupervised Learning, Model Selection, Similarity Measure, Multivariate Time Series (MTS)..

The tool proposed in this paper can be regarded as a starting point for the development of advanced cyber-physical protection systems, that are able to exploit classical fault

Sequential detection (and isolation) of unusual and significant changes in network Origin-Destination (OD) traffic volumes from simple link load measurements is considered in

The method proposed in this paper consists of finding a linear parsimonious model of ambient traffic (nuisance parameter) and detecting anomalies by using an invariant

Among available grid clustering algorithms, GDCA (Grid Density-based Clustering Algorithm) [4] offers many advantages; it is a density based grid clustering, able to discover

features based on a time sliding window is generic enough so that any detector which is fast enough can be implemented on top of it and thus detect anomalies in a continuous way. The

In order to identify any form of cluster, UNADA is based on a density based grid algorithm DBSCAN (Density-Based Spatial Clustering of Applications with Noise) [8] which takes