On the Self-similarity of Synthetic Traffic for the Evaluation of Intrusion Detection Systems

  • Authors:
  • William H. Allen;Gerald A. Marin

  • Affiliations:
  • -;-

  • Venue:
  • SAINT '03 Proceedings of the 2003 Symposium on Applications and the Internet
  • Year:
  • 2003

Abstract

The difficulty of quantifying the accuracy of intrusion detection tools against real network data mandates that researchers use simulated attack data for the partial evaluation of such tools. In 1998 and 1999 researchers at MIT Lincoln Labs produced datasets both with and without attack data specifically for use by those interested in developing intrusion detection tools. Because self-similarity has been shown to be a statistical property of real network traffic, this paper examines the attack-free datasets for the presence of self-similarity in various time periods. The results offer insight for researchers who may wish to use specific subsets of the data for testing. Where the results indicate a lack of self-similarity in the data, the likely cause was determined to be either a low activity level or traffic that was dominated by a single protocol, thus forcing the overall distribution to match its own.