Anomalous events that affect the performance of networks are a fact of life. It is therefore not surprising that recent years have seen an explosion in research on network anomaly detection. What is quite surprising, however, is the lack of controlled evaluation of these detectors. In this paper, we argue that there are numerous important questions regarding the effectiveness of anomaly detectors that cannot be answered by the evaluation techniques employed today. We present four central requirements of a rigorous evaluation that can only be met by simulating both the anomaly and its surrounding environment. While simulation is necessary, it is not sufficient. We therefore present an outline of an evaluation methodology that leverages both simulation and traces from operational networks.