Title

On The Self-Similarity Of Synthetic Traffic For The Evaluation Of Intrusion Detection Systems

Keywords

Character generation; Computer science; Force measurement; Intrusion detection; IP networks; Local area networks; Protocols; Telecommunication traffic; Testing; Traffic control

Abstract

The difficulty of quantifying the accuracy of intrusion detection tools against real network data mandates that researchers use simulated attack data for the partial evaluation of such tools. In 1998 and 1999 researchers at MIT Lincoln Labs produced datasets both with and without attack data specifically for use by those interested in developing intrusion detection tools. Because self-similarity has been shown to be a statistical property of real network traffic, this paper examines the attack-free datasets for the presence of self-similarity in various time periods. The results offer insight for researchers who may wish to use specific subsets of the data for testing. Where the results indicate a lack of self-similarity in the data, the likely cause was determined to be either a low activity level or traffic that was dominated by a single protocol, thus forcing the overall distribution to match its own.

Publication Date

1-1-2003

Publication Title

Proceedings - 2003 Symposium on Applications and the Internet, SAINT 2003

Number of Pages

242-248

Document Type

Article; Proceedings Paper

Personal Identifier

scopus

DOI Link

https://doi.org/10.1109/SAINT.2003.1183056

Socpus ID

84943421730 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/84943421730

This document is currently not available here.

Share

COinS