. Akamai, Memcached UDP reflection attacks, 2018.

M. Antonakakis, T. April, M. Bailey, M. Bernhard, E. Bursztein et al., Understanding the Mirai botnet, Proceedings of the USENIX Security Symposium (USENIX Security), pp.1093-1110, 2017.

A. Aqil, K. Khalil, A. O. Atya, E. E. Papalexakis, S. V. Krishnamurthy et al., Jaal: Towards network intrusion detection at isp scale, Proceedings of the International COnference on emerging Networking EXperiments and Technologies -(CoNEXT), 2017.

. Avira, 18000 routers taken hostage in less than a day, 2018.

M. H. Bhuyan, D. K. Bhattacharyya, and J. K. Kalita, Network anomaly detection: Methods, systems and tools, IEEE Communications Surveys & Tutorials, vol.16, issue.1, pp.303-336, 2014.

M. H. Bhuyan, D. K. Bhattacharyya, and J. K. Kalita, Surveying port scans and their detection methodologies, The Computer Journal, vol.54, issue.10, pp.1565-1581, 2011.

A. Blaise, M. Bouet, S. Secci, and V. Conan, Split-and-Merge: detecting unknown botnets, Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management (IM), 2019.
URL : https://hal.archives-ouvertes.fr/hal-02119801

, CAIDA, 2020. UCSD Network Telescope Aggregated Flow Dataset

C. Callegari, S. Giordano, and M. Pagano, Entropy-based network anomaly detection, Proceedings of International Conference on Computing, Networking and Communications (ICNC), 2017.

M. Celenk, T. Conley, J. Willis, and J. Graham, Predictive network anomaly detection and visualization, IEEE Transactions on Information Forensics and Security, vol.5, issue.2, pp.288-299, 2010.

. Checkpoint, IoTroop botnet: The full investigation, 2018.

J. Á. Cid-fuentes, C. Szabo, and K. Falkner, An adaptive framework for the detection of novel botnets, Computers & Security, vol.79, pp.148-161, 2018.

. Cisco, Snort -network intrusion detection & prevention system, 2018.

A. Dainotti, K. Benson, A. King, M. Kallitsis, E. Glatz et al., Estimating internet address space usage through passive measurements, ACM SIG-COMM Computer Communication Review, vol.44, issue.1, pp.42-49, 2013.

J. Dromard, G. Roudiere, and P. Owezarski, Online and scalable unsupervised network anomaly detection method, IEEE Transactions on Network and Service Management, vol.14, issue.1, pp.34-47, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01406273

S. Edwards and I. Profetis, Hajime: Analysis of a decentralized internet worm for IoT devices, 2016.

. Fireeye, Smb exploited: Wannacry use of "eternalblue, 2017.

R. Fontugne, P. Borgnat, P. Abry, and K. Fukuda, MAW-ILab: Combining diverse anomaly detectors for automated anomaly labeling and performance benchmarking, Proceedings of the International COnference on emerging Networking EXperiments and Technologies, 2010.

J. Francois, I. Aib, and R. Boutaba, FireCol: A collaborative protection network for the detection of flooding DDoS attacks, IEEE/ACM Transactions on Networking, vol.20, issue.6, pp.1828-1841, 2012.
URL : https://hal.archives-ouvertes.fr/hal-00959439

. Fukudalab, MAWILab database, 2019.

. Github, Source code for Split-and-Merge detection algorithm, 2019.

G. Gu, J. Zhang, and W. Lee, BotSniffer: Detecting botnet command and control channels in network traffic, Proceedings of the Network and Distributed System Security Symposium (NDSS), 2008.

A. Guillot, R. Fontugne, P. Winter, P. Mã?rindol, A. Dainotti et al., Chocolatine: Outage detection for internet background radiation, Network Traffic Measurement and Analysis Conference (TMA), 2019.

F. Haddadi, D. L. Cong, L. Porter, and A. N. Zincir-heywood, On the effectiveness of different botnet detection approaches. In: Information Security Practice and Experience, pp.121-135, 2015.

B. Iglewicz and D. Hoaglin, How to detect and handle outliers, The ASQC Basic References in Quality Control: Statistical Techniques, vol.16, 1993.

C. Kao, Y. Chang, N. Huang, S. , I. S. Liao et al., A predictive zero-day network defense using long-term port-scan recording, 2015 IEEE Conference on Communications and Network Security (CNS), 2015.

A. Lakhina, M. Crovella, and C. Diot, Mining anomalies using traffic feature distributions, Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communications -SIGCOMM, 2005.

A. G. Lobato, M. A. Lopez, I. J. Sanz, A. A. Cardenas, O. C. Duarte et al., An adaptive real-time architecture for zero-day threat detection, IEEE International Conference on Communications (ICC), 2018.
URL : https://hal.archives-ouvertes.fr/hal-02099022

W. Lu and H. Tong, Detecting network anomalies using CUSUM and EM clustering, Advances in Computation and Intelligence, pp.297-308, 2009.

A. Mahanti, N. Carlsson, A. Mahanti, M. Arlitt, and C. Williamson, A tale of the tails: Power-laws in internet measurements, IEEE Network, vol.27, issue.1, pp.59-64, 2013.

, MAWI, 2019. MAWI working group traffic archive

S. A. Mirheidari, S. Arshad, and R. Jalili, Alert correlation algorithms: A survey and taxonomy, Cyberspace Safety and Security, pp.183-197, 2013.

. Netlab360, New threat report: A new IoT botnet is spreading over http 81 on a large scale, 2017.

. Netlab360, Warning: Satori, a Mirai branch is spreading in worm style on port 37215 and 52869, 2017.

. Netlab360, ADB.Miner: More information, 2018.

. Nmap, Nmap: the network Mapper, 2018.

S. Panjwani, S. Tan, K. Jarrin, and M. Cukier, An experimental evaluation to determine if port scans are precursors to an attack, 2005 International Conference on Dependable Systems and Networks (DSN), 2005.

V. Paxson, Bro: a system for detecting network intruders in real-time, Computer Networks, vol.31, pp.2435-2463, 1999.

. Radware, Why the world is under the spell of IoTReaper, 2017.

. Radware, Satori iot botnet variant, 2018.

, Surge in exploit attempts for netis router backdoor (udp/53413, SANS ISC InfoSec Forums, 2017.

P. K. Shanmugam, N. D. Subramanyam, J. Breen, C. Roach, and J. V. Der-merwe, DEIDtect: towards distributed elastic intrusion detection, Proceedings of the ACM SIGCOMM workshop on Distributed cloud computing (DCC), 2014.

D. Singh, D. Patel, B. Borisaniya, and C. Modi, Collaborative IDS framework for cloud, International Journal of Network Security, vol.18, pp.699-709, 2015.

M. Su, G. Yu, and C. Lin, A real-time network intrusion detection system for large-scale attacks based on an incremental mining approach, Computers & Security, vol.28, issue.5, pp.301-309, 2009.

. Symantec, Hajime worm battles mirai for control of the internet of things, 2017.

A. G. Tartakovsky, A. S. Polunchenko, and G. Sokolov, Efficient computer network anomaly detection by changepoint detection methods, IEEE Journal of Selected Topics in Signal Processing, vol.7, issue.1, pp.4-11, 2013.

. Techrepublic, Massive ransomware attack takes out 27,000 mongodb servers, 2017.

M. Techrepublic, How to stop Memcached DDoS attacks with a simple command, 2018.

. Us-cert, Ics advisory (icsa-13-011-03), rockwell automation controllogix plc vulnerabilities, 2019.

, Internet of Things (IoT) Cybersecurity Improvement Act of 2017, 2017.

A. Wang, W. Chang, S. Chen, and A. Mohaisen, Delving into internet DDoS attacks by botnets: Characterization and analysis, IEEE/ACM Transactions on Networking, vol.26, issue.6, pp.2843-2855, 2018.

W. Wang, Y. Shang, Y. He, Y. Li, and J. Liu, Bot-Mark: Automated botnet detection with hybrid analysis of flowbased and graph-based traffic behaviors, Information Sciences, vol.511, pp.284-296, 2020.

E. W. Zakir-durumeric and J. A. Halderman, ZMap: Fast internet-wide scanning and its security applications, Proceedings of the USENIX Security Symposium (USENIX Security), 2013.

. Zdnet, A decade of malware: Top botnets of the 2010s, 2019.

C. V. Zhou, C. Leckie, and S. Karunasekera, A survey of coordinated attacks and collaborative intrusion detection, Computers & Security, vol.29, issue.1, pp.124-140, 2010.

, She received her Engineering degree in Computer Science from ISEN, Agathe Blaise is currently a Ph.D. student at Thales Communications & Security, vol.6, 2017.

, He is a Research Expert in networking and communications with Thales, France, where he currently manages research activities on network softwarization with the Networking Laboratory, Advanced Studies Department, Mathieu Bouet received the Ph.D. degree in Computer Science and the Habilitation degree from Sorbonne University (formerly UPMC -Paris VI, 2009.

, He is a Senior Research Expert in networking and communications with Thales, France. He is currently the Head of the Networking Laboratory, Advanced Studies Department in Thales. He has been conducting research in the fields of software-defined communications and wireless networking. He has published over 100 international conference and journal papers and holds 10 patents in networking technologies. His current research topics include mobile network protocols and virtualized network design, 2012.

, His current interests cover novel routing and switching architectures and network virtualization, Stefano Secci is professor of networking at Cnam (Conservatoire national des arts et metiers), 2005.