A framework for malicious workload generation
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Packet trace manipulation rramework for test labs
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Profiling internet backbone traffic: behavior models and applications
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Mining anomalies using traffic feature distributions
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Entropy Based Worm and Anomaly Detection in Fast IP Networks
WETICE '05 Proceedings of the 14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise
A Framework for Real-Time Worm Attack Detection and Backbone Monitoring
IWCIP '05 Proceedings of the First IEEE International Workshop on Critical Infrastructure Protection
Impact of packet sampling on anomaly detection metrics
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Traffic matrix reloaded: impact of routing changes
PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement
Behavioural Characterization for Network Anomaly Detection
Transactions on Computational Science IV
Hidden Markov Model Modeling of SSH Brute-Force Attacks
DSOM '09 Proceedings of the 20th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management: Integrated Management of Systems, Services, Processes and People in IT
A Labeled Data Set for Flow-Based Intrusion Detection
IPOM '09 Proceedings of the 9th IEEE International Workshop on IP Operations and Management
AnomBench: a benchmark for volume-based internet anomaly detection
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
A flow trace generator using graph-based traffic classification techniques
Proceedings of the 6th International Wireless Communications and Mobile Computing Conference
Emulation platform for network wide traffic sampling and monitoring
Proceedings of the 6th International Wireless Communications and Mobile Computing Conference
Machine learning approach for IP-flow record anomaly detection
NETWORKING'11 Proceedings of the 10th international IFIP TC 6 conference on Networking - Volume Part I
Accurate network anomaly classification with generalized entropy metrics
Computer Networks: The International Journal of Computer and Telecommunications Networking
On detecting abrupt changes in network entropy time series
CMS'11 Proceedings of the 12th IFIP TC 6/TC 11 international conference on Communications and multimedia security
Rapid prototyping of active measurement tools
Computer Networks: The International Journal of Computer and Telecommunications Networking
| Hi-index | 0.00 |
There are several remaining open questions in the area of flow-based anomaly detection, e.g., how to do meaningful evaluations of anomaly detection mechanisms; how to get conclusive information about the origin and nature of an anomaly; or how to detect low intensity attacks. In order to answer these questions, network traffic traces that are representative for a specific test environment, and that contain anomalies with selected characteristics are a prerequisite. In this work, we present flame, a tool for injection of hand-crafted anomalies into a given background traffic trace. This tool combines the controllability offered by simulation with the realism provided by captured traffic traces. We present the design and prototype implementation of flame, and show how it is applied to inject three example anomalies into a given flow trace. We believe that flame can contribute significantly to the development and evaluation of advanced anomaly detection mechanisms.