Argus has been used in a large number of network and cyber security research publications, dissertations, theses, books, presentations and blogs. We're proud that we could support so much research and development in computer networking, cyber security, machine learning, and general science with our work.

Maintaining a complete list has been non-trivial, and the list below is the result of keyword web searches, primarily of Google and the ACM Library, for articles since 2010. If you do not see a research paper, dissertation, book, presentation, or reference that you wrote or liked, please send us a pointer. Also, if you find that a link on this page is stale, please send us a note.

Dissertations and Theses

A Review and Analysis of Bot-IoT Security Data for Machine Learning, Thesis, Jared M. Peterson, Dec 2021.
Botnet Command & Control Detection in IoT Networks, Thesis, Najwa Laabid, July 2021.
Machine learning-based DoS attacks detection for MQTT sensor networks, Thesis, Ali Ghannadrad, July 2021.
Tensor Based Monitoring of Large-Scale Network Traffic, Thesis, Gerald Liso, December 2018.
Adaptive Network Flow Parameters for Stealthy Botnet Behavior - Machine Learning techniques for providing perturbations to network flow patterns, Thesis, Torgeir Fladby, Autumn 2018.
Machine Learning and Cybersecurity: Studying network behaviour to detect anomalies, MSc in High Performance Computing with Data Science, The University of Edinburgh, Jiawen Chen, July 25, 2018.
Investigating A Behaviour Analysis-Based Early Warning System To Identify Botnets Using Machine Learning Algorithms, Ph.D. Thesis, Fariba Haddadi, September 2018.
InSight2: An Interactive Web Based Platform for Modeling and Analysis of Large Scale Argus Network Flow Data, Thesis, Hansaka Angel Dias Edirisinghe Kodituwakku, Aug 2017.
An Online Anomaly-Detection Neural Networks-based Clustering for Adaptive Intrusion Detection Systems, Thesis, Roshan Kokabha, Setareh, Feb 2016.
Intensional Cyberforensics, Thesis, Serguei A. Mokhov, Mar 2014.
Salting Public Traces With Attack Traffic To Test Flow Classifiers, Thesis, Zeynel Berkay Celik, Aug 2011.
A comparative study of in-band and out-of-band VoIP protocols in layer 3 and layer 2.5 environments, Thesis, George Pallis, Jan 2011.
Detecting malicious network activity using flow data and learning automata, Thesis, Christian Auby, Torbjørn Skagestad, Kristian Tveiten, May 2009.
Visualization of Network Traffic to Detect Malicious Network Activity, Thesis, Zhihua Jin, June 2008.
Supporting the Visualization and Forensic Analysis of Network Events, Dissertation, Doantam Phan, December 2007.
Keeping Track of Network Flows: An Inexpensive and Flexible Solution, Thesis, Alexander Fedyukin, November 2005.
Using Netflows for slow portscan detection, Thesis, Bjarte Malmedal, 2005.

Research Articles

F. Zola, L. Segurola-Gil, J.L. Bruse, M. Galar, R. Orduna-Urrutia, Network traffic analysis through node behaviour classification: a graph-based approach with temporal dissection and data-level preprocessing, Computers & Security, Volume 115, 2022, 102632, ISSN 0167-4048,
Ying Xing, Hui Shu, Fei Kang, Hao Zhao, "Peertrap: An Unstructured P2P Botnet Detection Framework Based on SAW Community Discovery", Wireless Communications and Mobile Computing, vol. 2022, Article ID 9900396, 18 pages, 2022.
Nguyen P.C. et al. (2022) An Intrusion Detection Approach for Small-Sized Networks. In: Smys S., Balas V.E., Palanisamy R. (eds) Inventive Computation and Information Technologies. Lecture Notes in Networks and Systems, vol 336. Springer, Singapore.
Safari Khatouni, A., Seddigh, N., Nandy, B. et al. Machine Learning Based Classification Accuracy of Encrypted Service Channels: Analysis of Various Factors. J Netw Syst Manage 29, 8 (2021).
Andrea Corsini, Shanchieh Jay Yang, and Giovanni Apruzzese. 2021. On the Evaluation of Sequential Machine Learning for Network Intrusion Detection. In The 16th International Conference on Availability, Reliability and Security (ARES 2021), August 17–20, 2021, Vienna, Austria. ACM, New York, NY, USA, 10 pages.
Cheng H., Shen Y., Cheng T., Fang Y., Ling J. (2021) Botnet Detection Based on Multilateral Attribute Graph. In: Lu W., Sun K., Yung M., Liu F. (eds) Science of Cyber Security. SciSec 2021. Lecture Notes in Computer Science, vol 13005. Springer, Cham.
Ilievski G, Latkoski P. Network Traffic Classification in an NFV Environment using Supervised ML Algorithms. Journal of Telecommunications and Information Technology. 2021;23–31.
Y. Song, W. Luo, J. Li, P. Xu and J. Wei, "SDN-based Industrial Internet Security Gateway," 2021 International Conference on Security, Pattern Analysis, and Cybernetics (SPAC), 2021, pp. 238-243, doi: 10.1109/SPAC53836.2021.9539961.
Sirajuddin Qureshi, Saima Tunio, Faheem Akhtar, Ahsan Wajahat, Ahsan Nazir, Faheem Ullah. Network Forensics: A Comprehensive Review of Tools and Techniques. (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 12, No. 5, 2021
Clark, D. and Turnbull, B. Interactive 3D Visualization of Network Traffic in Time for Forensic Analysis. DOI: 10.5220/0008950601770184 In Proceedings of the 15th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications (VISIGRAPP 2020) - Volume 3: IVAPP, pages 177-184 ISBN: 978-989-758-402-2; ISSN: 2184-4321
A. A. Hady, A. Ghubaish, T. Salman, D. Unal and R. Jain, "Intrusion Detection System for Healthcare Systems Using Medical and Network Data: A Comparison Study," in IEEE Access, vol. 8, pp. 106576-106584, 2020, doi: 10.1109/ACCESS.2020.3000421.
Manas Kumar Yogi and KVV Subba Rao, Impact analysis of using ML techniques on imbalanced datasets for leveraging security of industrial IoT. International Journal of Circuit, Computing and Networking 2020; 2(2): 41-46
Chaouki Khammassi, Saoussen Krichen, "A NSGA2-LR Wrapper Approach for Feature Selection in Network Intrusion Detection". Computer Networks. Volume 172, 8 May 2020, 107183. ISSN 1389-1286,
Rajagopal S., Hareesha K.S., Kundapur P.P. (2020) Feature Relevance Analysis and Feature Reduction of UNSW NB-15 Using Neural Networks on MAMLS. In: Pati B., Panigrahi C., Buyya R., Li KC. (eds) Advanced Computing and Intelligent Engineering. Advances in Intelligent Systems and Computing, vol 1082. Springer, Singapore
Abirami M.S., Yash U., Singh S. (2020) Building an Ensemble Learning Based Algorithm for Improving Intrusion Detection System. In: Dash S., Lakshmi C., Das S., Panigrahi B. (eds) Artificial Intelligence and Evolutionary Computations in Engineering Systems. Advances in Intelligent Systems and Computing, vol 1056. Springer, Singapore
Almogren, Ahmad S. Intrusion Detection in Edge-of-Things Computing. Journal of Parallel and Distributed Computing, Volume 137, March 2020, Pages 259-265.
Gjorgji Ilievski, Pero Latkoski. Efficiency of Supervised Machine Learning Algorithms in Regular and Encrypted VoIP Classification within NFV Environment, RADIOENGINEERING, VOL. 29, NO. 1, APRIL 2020, 243-250.
Gupta N., Bedi P., Jindal V. (2020) Effect of Activation Functions on the Performance of Deep Learning Algorithms for Network Intrusion Detection Systems. In: Singh P., Panigrahi B., Suryadevara N., Sharma S., Singh A. (eds) Proceedings of ICETIT 2019. Lecture Notes in Electrical Engineering, vol 605. Springer, Cham
Dwivedi, S., Vardhan, M. & Tripathi, S. Incorporating evolutionary computation for securing wireless network against cyberthreats. J Supercomput (2020).
Molina-Coronado, B., Mori, U., Mendiburu, A., & Miguel-Alonso, J. (2020). Survey of Network Intrusion Detection Methods from the Perspective of the Knowledge Discovery in Databases Process. ArXiv, abs/2001.09697.
Apruzzese, G.; Andreolini, M.; Marchetti, M.; Colacino, V.G.; Russo, G. AppCon: Mitigating Evasion Attacks to ML Cyber Detectors. Symmetry 2020, 12, 653.
J. Aiken and S. Scott-Hayward, "Investigating Adversarial Attacks against Network Intrusion Detection Systems in SDNs," 2019 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), 2019, pp. 1-7, doi: 10.1109/NFV-SDN47374.2019.9040101.
Haney M. (2019) Leveraging Cyber-Physical System Honeypots to Enhance Threat Intelligence. In: Staggs J., Shenoi S. (eds) Critical Infrastructure Protection XIII. ICCIP 2019. IFIP Advances in Information and Communication Technology, vol 570. Springer, Cham.
Guo, H., Fan, X., Cao, A., Outhred, G., & Heidemann, J.S. (2019). Peek Inside the Closed World: Evaluating Autoencoder-Based Detection of DDoS to Cloud. ArXiv, abs/1912.05590.
D. C. Le and N. Zincir-Heywood, "Learning From Evolving Network Data for Dependable Botnet Detection," 2019 15th International Conference on Network and Service Management (CNSM), 2019, pp. 1-5, doi: 10.23919/CNSM46954.2019.9012710.
M. Zolanvari, M. A. Teixeira, L. Gupta, K. M. Khan and R. Jain, "Machine Learning-Based Network Vulnerability Analysis of Industrial Internet of Things," in IEEE Internet of Things Journal, vol. 6, no. 4, pp. 6822-6834, Aug. 2019.
Robert A. Bridges, Tarrah R Glass-Vanderlan, Michael D Iannacone, Maria S Vincent, Qian (Guenevere) Chen, A Survey of Intrusion Detection Systems Leveraging Host Data. ACM Computing Surveys, November 2019 Article No.: 128
C. R. Taylor and J. P. Lanson, "Network-based Classification of Authentication Attempts using Machine Learning," 2019 International Conference on Computing, Networking and Communications (ICNC), Honolulu, HI, USA, 2019, pp. 669-673
Tuan, T.A., Long, H.V., Son, L.H. et al. Performance evaluation of Botnet DDoS attack detection using machine learning. Evol. Intel. (2019).
Chapaneri R., Shah S. (2019) A Comprehensive Survey of Machine Learning-Based Network Intrusion Detection. In: Satapathy S., Bhateja V., Das S. (eds) Smart Intelligent Computing and Applications. Smart Innovation, Systems and Technologies, vol 104. Springer, Singapore
Fan Zhang, J. Wesley Hines & Jamie B. Coble (2019) A Robust Cybersecurity Solution Platform Architecture for Digital Instrumentation and Control Systems in Nuclear Power Facilities, Nuclear Technology, DOI: 10.1080/00295450.2019.1666599
F. A. Khan, A. Gumaei, A. Derhab and A. Hussain, "A Novel Two-Stage Deep Learning Model for Efficient Network Intrusion Detection," in IEEE Access, vol. 7, pp. 30373-30385, 2019.
S. Khanchi, N. Zincir-Heywood and M. Heywood, "Network Analytics for Streaming Traffic Analysis," 2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), 2019, pp. 25-30.
G. Apruzzese, M. Colajanni and M. Marchetti, "Evaluating the effectiveness of Adversarial Attacks against Botnet Detectors," 2019 IEEE 18th International Symposium on Network Computing and Applications (NCA), 2019, pp. 1-8, doi: 10.1109/NCA.2019.8935039.
Nickolaos Koroniotis, Nour Moustafa, Elena Sitnikova, Benjamin Turnbull, Towards the development of realistic botnet dataset in the Internet of Things for network forensic analytics: Bot-IoT dataset, Future Generation Computer Systems, Volume 100, 2019, Pages 779-796, ISSN 0167-739X,
Pektaş, A, Acarman, T. A deep learning method to detect network intrusion through flow‐based features. Int J Network Mgmt. 2019; 29:e2050.
A. S. Khatouni and N. Zincir-Heywood, "Integrating Machine Learning with Off-the-Shelf Traffic Flow Features for HTTP/HTTPS Traffic Classification," 2019 IEEE Symposium on Computers and Communications (ISCC), Barcelona, Spain, 2019, pp. 1-7.
A. S. Khatouni, L. Zhang, K. Aziz, I. Zincir and N. Zincir-Heywood, "Exploring NAT Detection and Host Identification Using Machine Learning," 2019 15th International Conference on Network and Service Management (CNSM), Halifax, NS, Canada, 2019, pp. 1-8.
R. R. Karn, P. Kudva and I. A. M. Elfadel, "Dynamic Autoselection and Autotuning of Machine Learning Models for Cloud Network Analytics," in IEEE Transactions on Parallel and Distributed Systems, vol. 30, no. 5, pp. 1052-1064, 1 May 2019.
Andreoni Lopez, M, Mattos, DMF, Duarte, OCMB, Pujolle, G. Toward a monitoring and threat detection system based on stream processing as a virtual network function for big data. Concurrency Computat Pract Exper. 2019; 31:e5344.
D. Zhuang and J. M. Chang, "Enhanced PeerHunter: Detecting Peer-to-Peer Botnets Through Network-Flow Level Community Behavior Analysis," in IEEE Transactions on Information Forensics and Security, vol. 14, no. 6, pp. 1485-1500, June 2019. doi: 10.1109/TIFS.2018.2881657
Osama Faker and Erdogan Dogdu. 2019. Intrusion Detection Using Big Data and Deep Learning Techniques. In Proceedings of the 2019 ACM Southeast Conference (ACM SE '19). ACM, New York, NY, USA, 86-93. DOI:
P. Mishra, V. Varadharajan, U. Tupakula and E. S. Pilli, "A Detailed Investigation and Analysis of Using Machine Learning Techniques for Intrusion Detection," in IEEE Communications Surveys & Tutorials, vol. 21, no. 1, pp. 686-728, Firstquarter 2019.
X. Wu, T. Miskell, Y. Luo, L. Wang and L. Chen, "Edison: Event-driven Distributed System of Network Measurement," 2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), Arlington, VA, USA, 2019, pp. 545-550.
N. Moustafa, B. Turnbull and K. R. Choo, "Towards Automation of Vulnerability and Exploitation Identification in IIoT Networks," 2018 IEEE International Conference on Industrial Internet (ICII), 2018, pp. 139-145, doi: 10.1109/ICII.2018.00023.
Marcio Andrey Teixeira, Tara Salman, Maede Zolanvari, Raj Jain, Nader Meskin and Mohammed Samaka. 2018. SCADA System Testbed for Cybersecurity Research Using Machine Learning Approach. Future Internet 2018, 10(8), 76;
A. Divekar, M. Parekh, V. Savla, R. Mishra and M. Shirole, "Benchmarking datasets for Anomaly-based Network Intrusion Detection: KDD CUP 99 alternatives," 2018 IEEE 3rd International Conference on Computing, Communication and Security (ICCCS), Kathmandu, 2018, pp. 1-8.
Sean Peisert, Eli Dart, William Barnett, Edward Balas, James Cuff, Robert L Grossman, Ari Berman, Anurag Shankar, Brian Tierney. 2018. The medical science DMZ: a network design pattern for data-intensive medical science. Journal of the American Medical Informatics Association, Volume 25, Issue 3, March 2018, Pages 267–274,
Stephanie Ding. 2018. Machine Learning for Cybersecurity: Network-based Botnet Detection Using Time-Limited Flows. Caltech Undergraduate Research Journal, July, 2018.
S. Khanchi, N. Zincir-Heywood and M. Heywood, "Streaming Botnet traffic analysis using bio-inspired active learning," NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, 2018, pp. 1-6, doi: 10.1109/NOMS.2018.8406293.
M. Zolanvari, M. A. Teixeira and R. Jain, "Effect of Imbalanced Datasets on Security of Industrial IoT Using Machine Learning," 2018 IEEE International Conference on Intelligence and Security Informatics (ISI), Miami, FL, 2018, pp. 112-117.
Verma, A., Ranga, V. Evaluation of Network Intrusion Detection Systems for RPL Based 6LoWPAN Networks in IoT. Wireless Pers Commun 108, 1571–1594 (2019).
Homayoun S., Ahmadzadeh M., Hashemi S., Dehghantanha A., Khayami R. (2018) BoTShark: A Deep Learning Approach for Botnet Traffic Detection. In: Dehghantanha A., Conti M., Dargahi T. (eds) Cyber Threat Intelligence. Advances in Information Security, vol 70. Springer, Cham
Atli, B.G., Miche, Y., Kalliola, A. et al. Anomaly-Based Intrusion Detection Using Extreme Learning Machine and Aggregation of Network Traffic Statistics in Probability Space, Cognitive Computing (2018) 10: 848.
Pektaş, A, Acarman, T. Botnet detection based on network flow summary and deep learning. Int J Network Mgmt. 2018; 28:e2039.
Nascimento, Zuleika and Djamel Fawzi Hadj Sadok. “MODC: A Pareto-Optimal Optimization Approach for Network Traffic Classification Based on the Divide and Conquer Strategy.” Information 9 (2018): 233.
Meghdouri, Fares, Tanja Zseby and Félix Iglesias. “Analysis of Lightweight Feature Vectors for Attack Detection in Network Traffic.” (2018).
B. G. Atli, Y. Miche and A. Jung, "Network Intrusion Detection Using Flow Statistics," 2018 IEEE Statistical Signal Processing Workshop (SSP), Freiburg, 2018, pp. 70-74. doi: 10.1109/SSP.2018.8450709
Meghdouri, Fares; Zseby, Tanja; Iglesias, Félix. 2018. "Analysis of Lightweight Feature Vectors for Attack Detection in Network Traffic." Appl. Sci. 8, no. 11: 2196.
Koroniotis N., Moustafa N., Sitnikova E., Slay J. (2018) Towards Developing Network Forensic Mechanism for Botnet Activities in the IoT Based on Machine Learning Techniques. In: Hu J., Khalil I., Tari Z., Wen S. (eds) Mobile Networks and Management. MONAMI 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 235. Springer, Cham
Y. Wan, J. Chang, R. Chen and S. Wang, "Feature-Selection-Based Ransomware Detection with Machine Learning of Data Analysis," 2018 3rd International Conference on Computer and Communication Systems (ICCCS), Nagoya, 2018, pp. 85-88. doi: 10.1109/CCOMS.2018.8463300
M. J. Vargas-Muñoz, R. Martínez-Peláez, P. Velarde-Alvarado, E. Moreno-García, D. L. Torres-Roman and J. J. Ceballos-Mejía, "Classification of network anomalies in flow level network traffic using Bayesian networks," 2018 International Conference on Electronics, Communications and Computers (CONIELECOMP), Cholula, 2018, pp. 238-243. doi: 10.1109/CONIELECOMP.2018.8327205
Chowdhury, S., Khanzadeh, M., Akula, R. et al. Botnet detection using graph-based feature clustering. Journal of Big Data (2017) 4: 14.
Cho B., Kim K.J., Kim H. (2018) The Isolation Algorithm of Problem Location with Multi-agent Approach for End-to-End Network Performance Management. In: Kim K., Joukov N. (eds) Mobile and Wireless Technologies 2017. ICMWT 2017. Lecture Notes in Electrical Engineering, vol 425. Springer, Singapore
Bhuyan M.H., Bhattacharyya D.K., Kalita J.K. (2017) Practical Tools for Attackers and Defenders. In: Network Traffic Anomaly Detection and Prevention. Computer Communications and Networks. Springer, Cham.
O. Yavanoglu and M. Aydos, "A review on cyber security datasets for machine learning algorithms," 2017 IEEE International Conference on Big Data (Big Data), Boston, MA, 2017, pp. 2186-2193.
Ankit Bansal and Sudipta Mahapatra. 2017. A comparative analysis of machine learning techniques for botnet detection. In Proceedings of the 10th International Conference on Security of Information and Networks (SIN '17). ACM, New York, NY, USA, 91-98. DOI:
T. Salman, D. Bhamare, A. Erbad, R. Jain and M. Samaka, "Machine Learning for Anomaly Detection and Categorization in Multi-Cloud Environments," 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud), New York, NY, 2017, pp. 97-103.
Luis Miguel Torres, Eduardo Magaña, Daniel Morató, Santiago Garcia-Jimenez, Mikel Izal, TBDClust: Time-based density clustering to enable free browsing of sites in pay-per-use mobile Internet providers. Journal of Network and Computer Applications Volume 99, 1 December 2017, Pages 17-27. ISSN 1084-8045,
F. Haddadi, D. Phan and A. N. Zincir-Heywood, "How to choose from different botnet detection systems?," NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium, Istanbul, 2016, pp. 1079-1084. doi: 10.1109/NOMS.2016.7502964
Christopher R. Harshaw, Robert A. Bridges, Michael D. Iannacone, Joel W. Reed, and John R. Goodall. 2016. GraphPrints: Towards a Graph Analytic Method for Network Anomaly Detection. In Proceedings of the 11th Annual Cyber and Information Security Research Conference (CISRC '16). ACM, New York, NY, USA, Article 15, 4 pages. DOI:
D. Bhamare, T. Salman, M. Samaka, A. Erbad and R. Jain, "Feasibility of Supervised Machine Learning for Cloud Security," 2016 International Conference on Information Science and Security (ICISS), Pattaya, 2016, pp. 1-5.
Sebastian Garcia. 2016. Modelling the network behaviour of malware to block malicious patterns. The Stratosphere Project: A Behavioural IPS. Virus Bulletin, Sept 2015.
Nour Moustafa and Jill Slay. 2016. The evaluation of Network Anomaly Detection Systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set. Inf. Sec. J.: A Global Perspective 25, 1-3 (April 2016), 18-31. DOI:
Kayla M. Straub, Avik Sengupta, Joseph M. Ernst, Robert W. McGwier, Merrick Watchorn, Richard Tilley, and Randolph Marchany. 2016. Malware Propagation in Fully Connected Networks: A Netflow-Based Analysis. MILCOM 2016 - 2016 IEEE Military Communications Conference, Baltimore, MD, 2016, pp. 497-502. doi: 10.1109/MILCOM.2016.7795376.
Shing-Han Li, Yucheng Kao, Zongcyuan Zhang, Yingping Chuang, David C. Yen. A Network Behavior-Based Botnet Detection Mechanism Using PSO and K-means. ACM Transactions on Management Information Systems, April 2015. Article No.: 3
Buseung Cho, Kyuil Kim, Hyungwoo Park and Jin-Wook Chung. Oct 2015. Network Flow Awareness System for E-Science Collaborative Application. Indian Journal of Science and Technology, Vol 8(26), DOI: 10.17485/ijst/2015/v8i26/81060.
H. Lim, Y. Yamaguchi, H. Shimada and H. Takakura, "Malware classification method based on sequence of traffic flow," 2015 International Conference on Information Systems Security and Privacy (ICISSP), Angers, 2015, pp. 1-8.
Serguei A. Mokhov, Michael J. Assels, Joey Paquet, and Mourad Debbabi. 2014. Toward Automated MAC Spoofer Investigations. In Proceedings of the 2014 International C* Conference on Computer Science & Software Engineering (C3S2E '14). ACM, New York, NY, USA, Article 27, 6 pages. DOI=10.1145/2641483.2641540
N. Hoque, Monowar H. Bhuyan, R.C. Baishya, D.K. Bhattacharyya, J.K. Kalita, Network attacks: Taxonomy, tools and systems, Journal of Network and Computer Applications, Volume 40, 2014, Pages 307-324, ISSN 1084-8045,
S. García, M. Grill, J. Stiborek, and A. Zunino. 2014. An empirical comparison of botnet detection methods. Comput. Secur. 45 (September 2014), 100-123. DOI=10.1016/j.cose.2014.05.011
Pratik Narang, Abhishek Thakur, and Chittaranjan Hota. 2014. Hades: a Hadoop-based framework for detection of peer-to-peer botnets. In Proceedings of the 20th International Conference on Management of Data (COMAD '14). Computer Society of India, Mumbai, India, India, 121-124.
N. Hoque, Monowar H. Bhuyan, R. C. Baishya, D. K. Bhattacharyya, and J. K. Kalita. 2014. Review: Network attacks: Taxonomy, tools and systems. J. Netw. Comput. Appl. 40 (April 2014), 307-324. DOI=10.1016/j.jnca.2013.08.001
Serguei A. Mokhov, Michael J. Assels, Joey Paquet, and Mourad Debbabi. 2014. Automating MAC Spoofer Evidence Gathering and Encoding for Investigations. In Foundations and Practice of Security: 7th International Symposium, FPS 2014, Montreal, QC, Canada, November 3-5, 2014. ISBN 3319170406, 9783319170404
Serguei A. Mokhov, Michael J. Assels, Joey Paquet, and Mourad Debbabi. 2014. Toward Automated MAC Spoofer Investigations. In Proceedings of the 2014 International C* Conference on Computer Science & Software Engineering (C3S2E '14). ACM, New York, NY, USA, Article 27, 6 pages. DOI:
García, S., Zunino, A. and Campo, M. (2014), Survey on network‐based botnet detection methods. Security Comm. Networks, 7: 878-903. doi:10.1002/sec.800
Skrzewski M. (2013) Monitoring System’s Network Activity for Rootkit Malware Detection. In: Kwiecień A., Gaj P., Stera P. (eds) Computer Networks. CN 2013. Communications in Computer and Information Science, vol 370. Springer, Berlin, Heidelberg
Jin, Hongying & Li, Linhao. (2013). Dynamic Network Traffic Flow Prediction Model based on Modified Quantum-Behaved Particle Swarm Optimization. Journal of Networks. 8. 2332-2339. 10.4304/jnw.8.10.2332-2339.
Mansour Alsaleh, Abdullah Alqahtani, Abdulrahman Alarifi, and AbdulMalik Al-Salman. 2013. Visualizing PHPIDS log files for better understanding of web server attacks. In Proceedings of the Tenth Workshop on Visualization for Cyber Security (VizSec '13), John Goodall, Kwan-Liu Ma, Sophie Engle, and Fabian Fischer (Eds.). ACM, New York, NY, USA, 1-8. DOI=10.1145/2517957.2517958
P. Celeda, P. Velan, M. Rabek, R. Hofstede, and A. Pras, Large-scale geolocation for NetFlow. Proceedings of IM. 2013, 1015-1020.
Nichole Boscia. 2012. Flow Analysis Tool Whitepaper.
R. Hunt, "New developments in network forensics — Tools and techniques," 2012 18th IEEE International Conference on Networks (ICON), Singapore, 2012, pp. 376-381. doi: 10.1109/ICON.2012.6506587
Amit Kumar Tyagi and Sadique Nayeem. Article: Detecting HTTP Botnet using Artificial Immune System (AIS). International Journal of Applied Information Systems 2(6):34-37, May 2012. Published by Foundation of Computer Science, New York, USA.
H. Li, G. Hu, J. Yuan and H. Lai, "P2P Botnet Detection Based on Irregular Phased Similarity," 2012 Second International Conference on Instrumentation, Measurement, Computer, Communication and Control, Harbin, 2012, pp. 79-82. doi: 10.1109/IMCCC.2012.25
Yeonhee Lee and Youngseok Lee. 2012. Toward scalable internet traffic measurement and analysis with Hadoop. SIGCOMM Comput. Commun. Rev. 43, 1 (January 2012), 5-13. DOI=10.1145/2427036.2427038
Rodrigo M. P. Silva and Ronaldo M. Salles. 2012. Methodology for detection and restraint of p2p applications in the network. In Proceedings of the 12th international conference on Computational Science and Its Applications - Volume Part IV (ICCSA'12), Beniamino Murgante, Osvaldo Gervasi, Sanjay Misra, Nadia Nedjah, and Ana C. Rocha (Eds.), Vol. Part IV. Springer-Verlag, Berlin, Heidelberg, 326-339. DOI=10.1007/978-3-642-31128-4_24
Monowar H. Bhuyan, D.K. Bhattacharyya, J.K. Kalita, Surveying Port Scans and Their Detection Methodologies, The Computer Journal, Volume 54, Issue 10, October 2011, Pages 1565–1581,
Skrzewski M. (2011) Analyzing Outbound Network Traffic. In: Kwiecień A., Gaj P., Stera P. (eds) Computer Networks. CN 2011. Communications in Computer and Information Science, vol 160. Springer, Berlin, Heidelberg
Michael J. Assels, Dana Echtner, Michael Spanner, Serguei A. Mokhov, François Carrière, and Manny Taveroff. 2011. Multifaceted faculty network design and management: practice and experience. In Proceedings of The Fourth International C* Conference on Computer Science and Software Engineering (C3S2E '11). ACM, New York, NY, USA, 151-155. DOI=10.1145/1992896.1992916
Saptarshi Guha, Paul Kidwell, Asgrith Barthur, William S Cleveland, John Gerth, and Carter Bullard. 2011. SSH Keystroke Packet Detection, ICS-2011—Monterey, California, Jan 9-11.
Skrzewski M. (2011) Flow Based Algorithm for Malware Traffic Detection. In: Kwiecień A., Gaj P., Stera P. (eds) Computer Networks. CN 2011. Communications in Computer and Information Science, vol 160. Springer, Berlin, Heidelberg
Apeksha Godiyal, Michael Garland, John C. Hart. 2010. Enhancing Network Traffic Visualization by Graph Pattern Analysis.
Robin Berthier, Michel Cukier, Matti Hiltunen, Dave Kormann, Gregg Vesonder, and Dan Sheleheda. 2010. Nfsight: netflow-based network awareness tool. In Proceedings of the 24th international conference on Large installation system administration (LISA'10). USENIX Association, Berkeley, CA, USA, 1-8.
Hossein Rouhani Zeidanloo, Azizah Bt Abdul Manaf, Rabiah Bt Ahmad, Mazdak Zamani, Saman Shojae Chaeikar. 2010. A Proposed Framework for P2P Botnet Detection. IACSIT International Journal of Engineering and Technology, Vol.2, No.2, April 2010 ISSN: 1793-8236.
Emmanuel S. Pilli, R. C. Joshi, and Rajdeep Niyogi. 2010. Network forensic frameworks: Survey and research challenges. Digit. Investig. 7, 1-2 (October 2010), 14-27. DOI=10.1016/j.diin.2010.02.003
Christopher M. Inacio and Brian Trammell. 2010. YAF: yet another flowmeter. In Proceedings of the 24th international conference on Large installation system administration (LISA'10). USENIX Association, Berkeley, CA, USA, 1-16.
2010. Proceedings of the Seventh International Symposium on Visualization for Cyber Security. ACM, New York, NY, USA.
Lin Quan and John Heidemann. 2010. On the characteristics and reasons of long-lived internet flows. In Proceedings of the 10th Annual Conference on Internet Measurement (IMC '10). ACM, New York, NY, USA, 444-450. [doi=10.1145/1879141.1879198]
Mohammed Sqalli, Raed AlShaikh, and Ezzat Ahmed. 2010. A distributed honeynet at KFUPM: a case study. In Proceedings of the 13th International Conference on Recent Advances in Intrusion Detection (RAID'10), Somesh Jha, Robin Sommer, and Christian Kreibich (Eds.). Springer-Verlag, Berlin, Heidelberg, 486-487.
Pavel Minarik, Jan Vykopal, and Vojtech Krmicek. 2009. Improving Host Profiling with Bidirectional Flows. In Proceedings of the 2009 International Conference on Computational Science and Engineering - Volume 03 (CSE '09), Vol. 3. IEEE Computer Society, Washington, DC, USA, 231-237. [doi=10.1109/CSE.2009.23]
Cristian Morariu, Peter Racz, and Burkhard Stiller. 2009. Design and Implementation of a Distributed Platform for Sharing IP Flow Records. In Proceedings of the 20th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management: Integrated Management of Systems, Services, Processes and People in IT (DSOM '09), Claudio Bartolini and Luciano Paschoal Gaspary (Eds.). Springer-Verlag, Berlin, Heidelberg, 1-14. [doi=10.1007/978-3-642-04989-7_1]
H. Okamura, T. Dohi, K. S. Trivedi, Markovian Arrival Process Parameter Estimation With Group Data, IEEE/ACM Transactions on Networking (TON) Vol 17, Issue 4, p.1326-1339, August, 2009, Piscataway, NJ, USA [doi>10.1109/TNET.2008.2008750]
T. Yen, X. Huang, F. Monrose, M. Reiter, Browser Fingerprinting from Coarse Traffic Summaries: Techniques and Implications, Detection of Intrusions and Malware, and Vulnerability Assessment 6th International Conference, DIMVA 2009, Como, Italy, July 9-10, 2009. Proceedings [doi>10.1007/978-3-642-02918-9]
S. Lin, Z. Gao, K. Xu, Web 2.0 traffic measurement: analysis on online map applications, Proceedings of the 18th international workshop on Network and operating systems support for digital audio and video, p.7-12, June 03 - 05, 2009, Williamsburg, VA, USA [doi>10.1145/1542245.1542248]
S. Tricaud, P. Saadé, Applied Parallel Coordinates for Logs and Network Traffic Attack Analysis, European Institute for Computer Anti-Virus Research (EICAR) 18th Annual Conference, May 11 - 12, 2009, Berlin, Germany
G. Louthan, B. Deetz, M. Walker, J. Hale, Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, Session: Track 8, Article No. 67, Apr 13 - 15, 2009, Oak Ridge, Tennessee, USA [doi>10.1145/1558607.1558684]
G. Vandenberghe, Network Traffic Exploration Application: A Tool to Assess, Visualize, and Analyze Network Security Events, Proceedings of the 5th International Workshop on Visualization for Computer Security, VizSec 2008, p. 181-196, September 15, 2008, Cambridge, MA, USA [doi>10.1007/978-3-540-85933-8_18]
Rodrigo Werlinger, Kirstie Hawkey, Kasia Muldner, Pooya Jaferian, Konstantin Beznosov, The challenges of using an intrusion detection system: is it worth the effort?, Proceedings of the 4th symposium on Usable privacy and security, July 23-25, 2008, Pittsburgh, Pennsylvania [doi>10.1145/1408664.1408679]
Guofei Gu, Roberto Perdisci, Junjie Zhang, Wenke Lee, BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection, Proceedings of the 17th conference on Security symposium, p.139-154, July 28-August 01, 2008, San Jose, CA
T-F Yen and M. K. Reiter, Traffic aggregation for malware detection, In Detection of Intrusions and Malware, and Vulnerability Assessment, 5th International Conference, DIMVA 2008 (Lecture Notes in Computer Science 5137), pages 207-227, July 10-11 2008, Paris, France [doi:10.1007/978-3-540-70542-0_11]
Mansour Alsaleh, David Barrera, and P. C. van Oorschot. 2008. Improving Security Visualization with Exposure Map Filtering. In Proceedings of the 2008 Annual Computer Security Applications Conference (ACSAC '08). IEEE Computer Society, Washington, DC, USA, 205-214. DOI=10.1109/ACSAC.2008.16
G. Nychis, V. Sekar, D Andersen, H Kim, H Zhang, An empirical evaluation of entropy-based traffic anomaly detection, Proceedings of the 8th ACM SIGCOMM conference on Internet measurement, p 151-156, October 20-22, 2008, Vouliagmeni, Greece
Kiran Lakkaraju, Adam Slagell, Evaluating the utility of anonymized network traces for intrusion detection, Proceedings of the 4th international conference on Security and privacy in communication networks, September 22-25, 2008, Istanbul, Turkey [doi>10.1145/1460877.1460899]
L. Merkle, Automated Network Forensics, Proceedings of the 2008 GECCO Conference Companion on Genetic and Evolutionary Computation, p.1929-1932, 2008, Atlanta, GA, USA.
M. Ekmanis, V Novikovs, A Rusko, Unauthorized Network Services Detection by Flow Analysis, Electronics and Electrical Engineering. – Kaunas: Technologija, No. 5(85), p.49-56, 2008.
J. Naous, D. Ericson, A. Covington, G Appenzeller, N. McKeown, Implementing an OpenFlow switch on the NetFPGA platform, Symposium On Architecture For Networking And Communications Systems, p.1-9, 2008, San Jose, CA
Doantam Phan, John Gerth, Marcia Lee, Andreas Paepcke, and Terry Winograd, Visual Analysis of Network Flow Data with Timelines and Event Plots, VizSEC 2007: Proceedings of the Workshop on Visualization for Computer Security, 2007 [doi>10.1007/978-3-540-78243-8_6]
Christoforos Kachris, Chidamber Kulkarni, Configurable Transactional Memory, Field-Programmable Custom Computing Machines, 2007. FCCM 2007. 15th Annual IEEE Symposium on, Page(s):65 - 72, April 2007 Napa, Ca, USA. [doi>10.1109/FCCM.2007.41]
David Botta, Rodrigo Werlinger, André Gagné, Konstantin Beznosov, Lee Iverson, Sidney Fels, Brian Fisher, Towards understanding IT security professionals and their tools, Proceedings of the 3rd symposium on Usable privacy and security, July 18-20, 2007, Pittsburgh, Pennsylvania [doi>10.1145/1280680.1280693]
H. Okamura, Y. Kamahara, T. Dohi, Estimating Markov-modulated compound Poisson processes, Proceedings of the 2nd international conference on Performance evaluation methodologies and tools, Article 28, October 22-27, 2007, Nantes, France.
M. Masuya, T. Yamanoue, S. Kubota, An experience of monitoring university network security using a commercial service and DIY monitoring, Proceedings of the 34th annual ACM SIGUCCS conference on User services, p.225-230, November 5-8, 2006, Edmonton, Alberta, Canada [doi>10.1145/1181216.1181267]
A. Ferro, I Delgado, A Munoz, F Liberal, An analytical model for loss estimation in network traffic analysis systems, Journal of Computer and System Sciences, Vol. 72, Issue 7, November 2006 [doi>10.1016/j.jcss.2005.12.004]
L. Xiao, J. Gerth, P. Hanrahan, Enhancing Visual Analysis of Network Traffic Using a Knowledge Representation, Visual Analytics Science And Technology, 2006 IEEE Symposium On, p 107-114, Oct 31 - Nov 2, 2006, Baltimore, MD, USA [doi>10.1109/VAST.2006.261436]
Javier Verdú, Jorge García, Mario Nemirovsky, Mateo Valero, Architectural impact of stateful networking applications, Proceedings of the 2005 ACM symposium on Architecture for networking and communications systems, October 26-28, 2005, Princeton, NJ, USA [doi>10.1145/1095890.1095893]
William Yurcik, Visualizing NetFlows for security at line speed: the SIFT tool suite, Proceedings of the 19th conference on Large Installation System Administration Conference, p.16-16, December 04-09, 2005, San Diego, CA
Kiran Lakkaraju, William Yurcik, Adam J. Lee, NVisionIP: netflow visualizations of system state for security situational awareness, Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, October 29-29, 2004, Washington DC, USA [doi>10.1145/1029208.1029219]
Dogu Arifler, Gustavo de Veciana, Brian L. Evans, A factor analytic approach to inferring congestion sharing based on flow level measurements, IEEE/ACM Transactions on Networking (TON), v.15 n.1, p.67-79, February 2007 [doi>10.1109/TNET.2006.890103]
Thorsten Voss, Klaus-Peter Kossakowski, "Detecting New Patterns of Attacks - Results and Applications of Large Scale Sensoring Networks," IT-Incidents Management & IT-Forensics - IMF 2006, Conference Proceedings, October 18th-19th, 2006, Stuttgart.
Sun-Myung Hwang, "P2P Protocol Analysis and Blocking Algorithm", Computational Science and Its Applications – ICCSA 2005 Lecture Notes in Computer Science Volume 3481, 2005, pp 21-30
Javier Verdu, Mario Nemirovsky, Jorge Garcia, and Mateo Valero, "Workload Characterization of Stateful Networking Applications", In Procs. of the 6th International Symposium on High Performance Computing (ISHPC-VI), Higashikasugano, Nara City, Japan, September 2005.
Nick Duffield, "Sampling for Passive Internet Measurement: A Review", Statistical Science, vol. 19, no. 3 472-498, 2004, doi:10.1214/088342304000000206.
Kevin Chen, Jennifer Tu, Alex Vandiver, "Analyzing Network Traffic from a Class B Darknet", Dec 2004.
Frederic Raynal, Yann Berthier, Philippe Biondi, Danielle Kaminsky, "Honeypot Forensics Part I: Analyzing the Network," IEEE Security and Privacy, vol. 2, no. 4, pp. 72-78, July 2004, doi:10.1109/MSP.2004.47
Nick Duffield, Carsten Lund, and Mikkel Thorup. 2002. Properties and prediction of flow statistics from sampled packet streams. In Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment (IMW '02). ACM, New York, NY, USA, 159-171. DOI=10.1145/637201.637225
Nick Duffield, Carsten Lund, Mikkel Thorup, Charging from sampled network usage, Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement, November 01-02, 2001, San Francisco, California, USA [doi>10.1145/505202.505232]
Steve Romig. 2000. The OSU Flow-tools Package and CISCO NetFlow Logs. In Proceedings of the 14th USENIX conference on System administration (LISA '00). USENIX Association, Berkeley, CA, USA, 291-304.
Marcus J. Ranum, Kent Landfield, Mike Stolarchuk, Mark Sienkiewicz, Andrew Lambeth, and Eric Wall. 1997. Implementing a Generalized Tool for Network Monitoring: ("Best Paper" Award!). In Proceedings of the 11th USENIX conference on System administration (LISA '97). USENIX Association, Berkeley, CA, USA, 1-8.

Books

C Sanders, J Smith, Applied Network Security Monitoring: Collection, Detection, and Analysis, Waltham, MA, Syngress, 2014.
R. Bejtlich, The Practice of Network Security Monitoring: Understanding Incident Detection and Response, San Francisco: No Starch Press, 2013.
Wireless Networking in the Developing World 3rd Edition, 2013.
S. Davidoff, J. Ham, Network Forensics: Tracking Hackers through Cyberspace, Prentice Hall, 1st Edition, 2012.
J. Vacca, Managing Information Security, Syngress Publishing, 2010.
R. Marty, Applied Security Visualization, New York:Addison-Wesley Professional, Aug 2008.
A. Lockhart, Network Security Hacks 2nd Edition, O'Reilly Media, Inc., Sebastopol, CA, USA 2007.
J Babbin, et al., Security Log Management: Identifying Patterns in the Chaos 2nd Edition, Syngress Publishing, Inc., Rockland, MA, USA 2006.
Flickenger R.; Belcher M.; Canessa E.; Zennaro M, How to Accelerate Your Internet: A practical Guide to Bandwidth Management and Optimisation Using Open Source Software Oxford: INASP/ICTP. ISBN: 0-9778093-1-5. 2006.
V Oppleman, O Friedrichs and B Watson, Extreme Exploits: Advanced Defenses Against Hardcore Hacks (Hacking Exposed), McGraw-Hill Osborne Media; 1 edition July 18, 2005.
R. Bejtlich, Extrusion Detection: Security Monitoring for Internal Intrusions, New York:Addison-Wesley, November 2005.
I. Ristic, Apache Security, O'Reilly Media Inc., Sebastopol, CA, USA, 2005.
R. Bejtlich, The Tao of Network Security Monitoring: Beyond Intrusion Detection, New York:Addison-Wesley, 2004.
D. Farmer, W. Venema, Forensic Discovery, New York:Addison-Wesley, 2004.
J. Nazario, Defense and Detection Strategies against Internet Worms, Boston:Artech House, 2004.
Eoghan Casey, Digital Evidence and Computer Crime 2nd Edition, Academic Press, Inc., Orlando, FL, 2004.

Web Blogs and Articles

Flow Monitoring Tools, What do we have, What do we need?, 9th SIG-NOC Meeting, ARNES 2019
QoSient ARGUS – Identifying Changes in the Network, Aug 19, 2019
QoSient ARGUS – Analyzing DNS Queries Part 2, May 13, 2019
QoSient ARGUS – Analyzing DNS Queries, Apr 11, 2019
Ten Strategies of a World-Class Cybersecurity Operations Center, © 2014 The MITRE Corporation, 2014
Know Your Tools: use Picviz to find attacks Sebastien Tricaud, Victor Amaducci, The Honeynet Project, Nov 2009
WHEN {PUFFY} MEETS ^REDDEVIL^ (C.S. Lee's Security Blog)
After an Exploit: mitigation and remediation
Security Incident Management Essentials (
Michael Cloppert: Computer Forensic Hero SANS Computer Forensics, Mar 2009
Detecting Botnets Grzegorz Landecki, Linux Journal, Jan 2009
Mass-Mailing Worms: Prevention, Detection and Response Richard Gadsden, SANS Institute, 2009
Nmap facts with parallel coordinates Sebastien Tricaud, Dec 2008
iX Magazine Security Special with DAVIX (December 2008)
Building SElinux policy for Argus Jan-Frode Myklebust, Oct 2008.
Expanding Response: Deeper Analysis for Incident Handlers Russ McRee, SANS Institute, Oct 2008
Network Security (April 2008)
argus - Auditing Network Activity - Performance & Status Monitoring (Jan 2008)
Flowtime - Create a Timeline for Packet Flow (Jan 2008)
Argus - Auditing network activity Russ McRee, ISSA Journal, Nov 2007
Practical Botnet Detection (April 2007)
Keeping an eye on the network with Argus Ralf Spenneberg, Linux Magazine, Feb 2007
Network Security Monitoring: Beyond Intrusion Detection (2006)
Network Defense Applications using IP Sinkholes (2006)
Argus 3.0 on FreeBSD (Aug 2006)
Survey of Network Performance Monitoring Tools (2006)
Network Flow Analysis (2006)
Using archived argus flow records to secure and troubleshoot your network (July 2005)
Defending Networks with Intrusion Detection Systems (June 2004).