Evaluating mechanisms for anomaly and attack detection remains a challenging task. This holds especially for evaluating the large-scale behavior and efficiency of distributed detection mechanisms. Since testbeds and real networks are not feasible means for large-scale evaluation, we present in this paper a toolchain for the large-scale evaluation of distributed attack detection based on the simulator OMNeT++. Particular focus is placed on the simplicity and usability of the toolchain. The interplay of the individual tools is shown by means of an exemplary attack detection. Furthermore, a performance evaluation of the individual tools is presented that shows their limitations in terms of hardware and time constraints.