Since anomaly-based intrusion detection was first introduced to the research community in 1987, the field has grown tremendously. A variety of methods and techniques introducing new capabilities in detecting novel attacks were developed. Most of these techniques report a high detection rate of 98% at the low false alarm rate of 1%. In spite of the anomaly-based approach's appeal, the industry generally favors signature-based detection for mainstream implementation of intrusion-detection systems. While a variety of anomaly-detection techniques have been proposed, it is difficult to compare their strengths and limitations adequately, in a way that could lead to potential commercial application. Since the validity of experimental research in academic computer science is, in general, questionable, it is plausible to assume that research in anomaly detection shares this problem. Concerns about the validity of these methods may partially explain why anomaly-based intrusion-detection methods are not adopted by industry. To investigate this issue, we review the current state of experimental practice in the area of anomaly-based intrusion detection and survey 276 studies in this area published during the period 2000-2008. We summarize our observations and identify the common pitfalls among the surveyed works.