[1] M. Steinder and A. S. Sethi, “Probabilistic Fault Diagnosis in Communication Systems through Incremental Hypothesis Updating,” Computer Networks Vol. 45. (2004): pp. 537–562.
[2] X. Ou, W. F. Boyer, and M. A. McQueen, “A Scalable Approach to Attack Graph Generation,” 13th ACM Conference on Computer and Communications Security (CCS 2006), Alexandria, VA, October 2006.
[3] S. Klihger, S. Yemini, Y. Yemini, D. Ohsie and S. Stolfo, “A Coding Approach to Event Correlation,” Proceedings of the Fourth International Symposium on Intelligent Network Management, 1995.
[4] M. Steinder and A. S. Sethi, “Increasing Robustness of Fault Localization through Analysis of Lost, Spurious, and Positive Symptoms,” Proceedings of IEEE INFOCOM, New York, NY, 2002.
[5] K. Appleby G. Goldszmidt and M. Steinder, “Yemanja: A Layered Fault Localization System for Multidomain Computing Utilities,” Journal of Network and Systems Management Vol. 10 pp. 171–194 (2002).
[6] R. I. Brodie, M. Ma, and S. Ma, “Optimizing Probe Selection for Fault Localization,” IEEE/IFIP (DSOM), Nancy, France 2001.
[7] I. Rish, M. Brodie, N. Daintsova, S. Ma, G. Grabarnik, “Real-Time Problem Determination in Distributed Systems Using Active Probing,” IEEE/IFIP (NOMS), Seoul, S. Korea, 2004.
[8] Al-Shaer, Y. Tang, “QoS Path Monitoring for Multicast Networks,” Journal of Network and System Management (JNSM), 2002. Vol. 10, pp. 357–381.
[9] J. Gao, G. Ker and P. Kermani, “Approaches to Building Self-Healing System Using Dependency Analysis,” IEEE/IFIP (NOMS), Seoul, S. Korea, 2004.
[10] G. Liu, A. K. Mok, E. J. Yang, “Composite Events for Network Event Correlation” Integrated Network Management VI, Boston, MA, 1999, pp. 247–260.
[11] G. Jakobson and M. D. Weissman, “Alarm Correlation,” IEEE Network Vol. 7, (1993) pp. 52–59.
[12] D. Moore, V. Paxson, S. Savage, C. Shainon, S. Staniford, and N. Weaver, “The Spread of the Sapphire/Slammer Worm,” at http://www.caida.org, 2003.
[13] G. Cormode and S. Muthukrishnan, “What’s New: Finding Significant Differences in Network Data Streams,” Proceedings of IEEE Infocom, Hong Kong, China, 2004.
[14] Cisco Inc, “Per-Packet Load Balancing, 2003,” at http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s21/pplb.pdf.
[15] R. Schweller, Z. Li, Y. Chen, Y. Gao, A. Gopra, Y. Zhang, P. Dinda, M-Y. Kao, and G. Memik et al., “Reverse Hashing for High-Speed Network Monitoring: Algorithms, Evaluation, and Applications,” Proceedings of IEEE Infocom, Barcelona, Spain, 2006.
[16] R. Schweller, A. Gupta, E. Parsons, and Y. Chen, “Reversible Sketches for Efficient and Accurate Change Detection over Network Data Streams,” IMC, Proceedings of the 4th ACM SIGCOMM Conference on Interner Measurement (2004). pp. 207–212.
[17] Arbor Networks, “Intelligent Network Management with Peakflow Traffic,” at http://www.arbornetworks.com/download.php.
[18] N. Duffield, C. Lund, and M. Thorup, “Flow Sampling under Hard Resource Constraints,” Proceedings of ACM SIGMETRICS, New York, NY, 2004.
[19] D. Moore, “Inferring Internet Denial of Service Activity,” Proceedings of the 2001 USENIX Security Symposium, Washington, DC, Aug. 2001.
[20] H. Wang, D. Zhang, and K. G. Shin, “Detecting SYN Flooding Attacks,” Proceedings of IEEE INFOCOM, New York, NY, 2002.
[21] J. Jung, V. Paxson, A.W. Berger, H. Balakrishnan, “Fast Portscan Detection Using Sequential Hypothesis Testing,” Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, 2004.
[22] N. Weaver S. Staniford, and V. Paxson, “Very Fast Containment of Scanning Worms,” USENIX Security Symposium, San Diego, CA, 2004.
[23] S. Venkataraman, D. Song, P. Gibbons, and A. Blum, “New Streaming Algorithms for Superspreader Detection,” The Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, 2005.
[24] R. R. Kompella, S. Singh, and G. Varghese, “On Scalable Attack Detection in the Network,” Proceedings of ACM/USENIX IMC, Sicily, Italy, 2004.
[25] Q. G. Zhao, A. Kumar, and J. J. Xu, “Joint Data Streaming and Sampling Techniques for Detection of Super Sources and Destinations,” Proceedings of ACM/USENIX Internet Measurement Conference, Berkeley, CA, 2005.
[26] B. Krishnamurthy, S. Sen, Y. Zhang, and Y. Chen, “Sketch-Based Change Detection: Methods, Evaluation, and Applications,” Proceedings of ACM SIGCOMM Internet Measurement Conference (IMC), Miami FL, 2003.
[27] V. Yegneswaran, P. Barford, J. Ullrich, “Internet Intrusions: Global Characteristics and Prevalence,” Proceedings of ACM SIGMETRICS, San Diego, CA, 2003.
[28] G. Y. Z. Li and Y. Chen, “A Dos Resilient Flow-Level Intrusion Detection Approach for High-Speed Networks,” Proceedings of the IEEE International Conference on Distributed Computing Systems (ICDCS), Lisboa, Portugal, 2006.
[29] Y. Gao, Z. Li, and Y. Chen, “Towards a High-Speed Router-Based Anomaly/Intrusion Detection System,” at http://list.cs.northwestern.edu/hpnaidm.html.