A Framework of Evaluation Methodologies for Network Anomaly Detectors


Abstract:

Anomaly detection has been a field of intensive research over the last years. Alongside it, several works to evaluate anomaly detectors have been proposed. In this paper we argue for four properties that an ideal evaluation methodology should have and that no single evaluation technique employed today can satisfy. We therefore present a framework for an evaluation methodology that leverages traces from operational networks, simulation and emulation to satisfy the four properties.


Info:

Periodical: Advanced Materials Research (Volumes 756-759)

Pages: 3005-3010

Online since: September 2013


Copyright: © 2013 Trans Tech Publications Ltd. All Rights Reserved
