The need for simulation in evaluating anomaly detectors

Cited by: 31
Authors
Ringberg, Haakon [1 ]
Roughan, Matthew [2 ]
Rexford, Jennifer [1 ]
Affiliations
[1] Princeton Univ, Princeton, NJ 08544 USA
[2] Univ Adelaide, Adelaide, SA 5005, Australia
Keywords
experimentation; performance; measurement;
DOI
10.1145/1341431.1341443
Chinese Library Classification number
TP [Automation technology, computer technology];
Subject classification code
0812 ;
Abstract
Anomalous events that affect the performance of networks are a fact of life. It is therefore not surprising that recent years have seen an explosion in research on network anomaly detection. What is quite surprising, however, is the lack of controlled evaluation of these detectors. In this paper we argue that there are numerous important questions regarding the effectiveness of anomaly detectors that cannot be answered by the evaluation techniques employed today. We present four central requirements of a rigorous evaluation that can only be met by simulating both the anomaly and its surrounding environment. While simulation is necessary, it is not sufficient. We therefore present an outline of an evaluation methodology that leverages both simulation and traces from operational networks.
Pages: 55 / 59
Page count: 5