Intrusions and attacks have become a very serious problem in network world. This paper presents a statistical characterization of packet counts that can be used for network intrusion detection. The main idea is based on detecting any suspicious behavior in computer networks depending on the comparison between the correlation results of control and data planes in the presence and absence of attacks using histogram analysis. Signal processing tools such as median filtering, moving average filtering, and local variance estimators are exploited to help in developing network anomaly detection approaches. Therefore, detecting dissimilarity can indicate an abnormal behavior. 

Koan-Sin Tan. "Use of spectral analysis in defense against DoS attacks", Global Telecommunications Conference 2002 GLOBECOM 02 IEEE MEMSYS-03, 2002

D. J. Brown, B. Suckow, and T. Wang, “A Survey of Intrusion Detection Systems,” 2002

Das, A., Nguyen, D., Zambreno, J., Memik, G. and Choudhary, A. An FPGA-Based Network Intrusion Detection Architecture, IEEE Transactions on Information Forensics and Security, Vol. 3, No. 1, pp. 118-132, 2008 cams.usc.edu

S. Kent, “On the trial of intrusions into information systems,”IEEE Spectrum, pp. 52–56, December 2000.

B. AsSadhan, H. Kim, J. Moura, and X. Wang, “Network Traffic Behavior Analysis by Decomposition into Control and Data Planes,.

Jarkko Isotalo “Basics of Statistics “

Weiyu Zhang. "A Survey of Anomaly Detection Methods in Networks", 2009 International Symposium on Computer Network and Multimedia Technology, 12/2009

Young-Koo Lee. "Modular Multilayer Perceptron for WLAN Based Localization", The 2006 IEEE International Joint Conference on Neural Network Proceedings, 2006

http://en.wikipedia.org/wiki/Cross-correlation.

https://www.artofproblemsolving.com/LaTeX/Examples/statistics_firstfive.pdf

TCPDUMP/LIBPCAP public repository. [Online]. Available: http://www.tcpdump.org. Accessed June 2013.