On The Self-Similarity Of Synthetic Traffic For The Evaluation Of Intrusion Detection Systems
Character generation; Computer science; Force measurement; Intrusion detection; IP networks; Local area networks; Protocols; Telecommunication traffic; Testing; Traffic control
The difficulty of quantifying the accuracy of intrusion detection tools against real network data mandates that researchers use simulated attack data for the partial evaluation of such tools. In 1998 and 1999 researchers at MIT Lincoln Labs produced datasets both with and without attack data specifically for use by those interested in developing intrusion detection tools. Because self-similarity has been shown to be a statistical property of real network traffic, this paper examines the attack-free datasets for the presence of self-similarity in various time periods. The results offer insight for researchers who may wish to use specific subsets of the data for testing. Where the results indicate a lack of self-similarity in the data, the likely cause was determined to be either a low activity level or traffic that was dominated by a single protocol, thus forcing the overall distribution to match its own.
Proceedings - 2003 Symposium on Applications and the Internet, SAINT 2003
Number of Pages
Article; Proceedings Paper
Source API URL
Allen, W. H. and Marin, G. A., "On The Self-Similarity Of Synthetic Traffic For The Evaluation Of Intrusion Detection Systems" (2003). Scopus Export 2000s. 1955.