A signal analysis of network traffic anomalies
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Automatically inferring patterns of resource consumption in network traffic
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Sketch-based change detection: methods, evaluation, and applications
Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
Building a large annotated corpus of English: the penn treebank
Computational Linguistics - Special issue on using large corpora: II
Labeling images with a computer game
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Diagnosing network-wide traffic anomalies
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Online identification of hierarchical heavy hitters: algorithms, evaluation, and applications
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
On scalable attack detection in the network
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Mining anomalies using traffic feature distributions
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Detection and identification of network anomalies using sketch subspaces
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Combining filtering and statistical methods for anomaly detection
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Diagnosing network disruptions with network-wide analysis
Proceedings of the 2007 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Sensitivity of PCA for traffic anomaly detection
Proceedings of the 2007 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
LADS: large-scale automated DDOS detection system
ATEC '06 Proceedings of the annual conference on USENIX '06 Annual Technical Conference
Challenging the supremacy of traffic matrices in anomaly detection
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
The need for simulation in evaluating anomaly detectors
ACM SIGCOMM Computer Communication Review
The need for simulation in evaluating anomaly detectors
ACM SIGCOMM Computer Communication Review
A visualization tool for exploring multi-scale network traffic anomalies
SPECTS'09 Proceedings of the 12th international conference on Symposium on Performance Evaluation of Computer & Telecommunication Systems
A Labeled Data Set for Flow-Based Intrusion Detection
IPOM '09 Proceedings of the 9th IEEE International Workshop on IP Operations and Management
Crowdsourcing service-level network event monitoring
Proceedings of the ACM SIGCOMM 2010 conference
Distribution-based anomaly detection in 3G mobile networks: from theory to practice
International Journal of Network Management
Uncovering relations between traffic classifiers and anomaly detectors via graph theory
TMA'10 Proceedings of the Second international conference on Traffic Monitoring and Analysis
Distribution-Based anomaly detection in network traffic
DataTraffic Monitoring and Analysis
| Hi-index | 0.00 |
Despite the flurry of anomaly-detection papers in recent years, effective ways to validate and compare proposed solutions have remained elusive. We argue that evaluating anomaly detectors on manually labeled traces is both important and unavoidable. In particular, it is important to evaluate detectors on traces from operational networks because it is in this setting that the detectors must ultimately succeed. In addition, manual labeling of such traces is unavoidable because new anomalies will be identified and characterized from manual inspection long before there are realistic models for them. It is well known, however, that manual labeling is slow and error-prone. In order to mitigate these challenges, we present WebClass, a web-based infrastructure that adds rigor to the manual labeling process. WebClass allows researchers to share, inspect, and label traffic time-series through a common graphical user interface. We are releasing WebClass to the research community in the hope that it will foster greater collaboration in creating labeled traces and that the traces will be of higher quality because the entire community has access to all the information that led to a given label