The need for simulation in evaluating anomaly detectors

被引:31
|
作者
Ringberg, Haakon [1 ]
Roughan, Matthew [2 ]
Rexford, Jennifer [1 ]
机构
[1] Princeton Univ, Princeton, NJ 08544 USA
[2] Univ Adelaide, Adelaide, SA 5005, Australia
来源
ACM SIGCOMM COMPUTER COMMUNICATION REVIEW | 2008年 / 38卷 / 01期
关键词
experimentation; performance; measurement;
D O I
10.1145/1341431.1341443
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Anomalous events that affect the performance of networks are a fact of life. It is therefore not surprising that recent years have seen an explosion in research on network anomaly detection. What is quite surprising, however, is the lack of controlled evaluation of these detectors. In this paper we argue that there are numerous important questions regarding the effectiveness of anomaly detectors that cannot be answered by the evaluation techniques employed today. We present four central requirements of a rigorous evaluation that can only be met by simulating both the anomaly and its surrounding environment. While simulation is necessary, it is not sufficient. We therefore present an outline of an evaluation methodology that leverages both simulation and traces from operational networks.
引用
收藏
页码:55 / 59
页数:5
相关论文
共 50 条
  • [21] A METHOD FOR EVALUATING THE PERFORMANCE OF PYROELECTRIC DETECTORS
    PUTLEY, EH
    INFRARED PHYSICS, 1980, 20 (03): : 139 - 147
  • [22] A new technique for evaluating gold anomaly
    Gong, ML
    TRANSACTIONS OF NONFERROUS METALS SOCIETY OF CHINA, 1996, 6 : 203 - 206
  • [23] A meta-level analysis of online anomaly detectors
    Ntroumpogiannis, Antonios
    Giannoulis, Michail
    Myrtakis, Nikolaos
    Christophides, Vassilis
    Simon, Eric
    Tsamardinos, Ioannis
    VLDB JOURNAL, 2023, 32 (04): : 845 - 886
  • [24] A Comparative Evaluation of Anomaly Detectors under Portscan Attacks
    Ashfaq, Ayesha Binte
    Robert, Maria Joseph
    Mumtaz, Asma
    Ali, Muhammad Qasim
    Sajjad, Ali
    Khayam, Syed Ali
    RECENT ADVANCES IN INTRUSION DETECTION, RAID 2008, 2008, 5230 : 351 - 371
  • [25] An Approach to Improving Anomaly Detection Using Multiple Detectors
    Chand, Paaras
    Moh, Melody
    Moh, Teng-Sheng
    PROCEEDINGS OF THE 2022 16TH INTERNATIONAL CONFERENCE ON UBIQUITOUS INFORMATION MANAGEMENT AND COMMUNICATION (IMCOM 2022), 2022,
  • [26] Theoretical Simulation for Evaluating Error in Irradiance Measurement Using Optical Detectors Having Different Cosine Responses
    Rashtrapriya Kumar Vijeta
    Shibu Kapri
    V. K. Saha
    Parag Jaiswal
    MAPAN, 2021, 36 : 473 - 480
  • [27] Combining heterogeneous anomaly detectors for improved software security
    Khreich, Wael
    Murtaza, Syed Shariyar
    Hamou-Lhadj, Abdelwahab
    Talhi, Chamseddine
    JOURNAL OF SYSTEMS AND SOFTWARE, 2018, 137 : 415 - 429
  • [28] Probing the Limits of Anomaly Detectors for Automobiles with a Cyberattack Framework
    Taylor, Adrian
    Leblanc, Sylvain
    Japkowicz, Nathalie
    IEEE INTELLIGENT SYSTEMS, 2018, 33 (02) : 54 - 62
  • [29] Constructing detectors in schema complementary space for anomaly detection
    Hang, XS
    Dai, HH
    GENETIC AND EVOLUTIONARY COMPUTATION - GECCO 2004, PT 1, PROCEEDINGS, 2004, 3102 : 275 - 286
  • [30] Negative selection algorithm with constant detectors for anomaly detection
    Li, Dong
    Liu, Shulin
    Zhang, Hongli
    APPLIED SOFT COMPUTING, 2015, 36 : 618 - 632
12345