On The Self-Similarity Of Synthetic Traffic For The Evaluation Of Intrusion Detection Systems


Character generation; Computer science; Force measurement; Intrusion detection; IP networks; Local area networks; Protocols; Telecommunication traffic; Testing; Traffic control


The difficulty of quantifying the accuracy of intrusion detection tools against real network data mandates that researchers use simulated attack data for the partial evaluation of such tools. In 1998 and 1999 researchers at MIT Lincoln Labs produced datasets both with and without attack data specifically for use by those interested in developing intrusion detection tools. Because self-similarity has been shown to be a statistical property of real network traffic, this paper examines the attack-free datasets for the presence of self-similarity in various time periods. The results offer insight for researchers who may wish to use specific subsets of the data for testing. Where the results indicate a lack of self-similarity in the data, the likely cause was determined to be either a low activity level or traffic that was dominated by a single protocol, thus forcing the overall distribution to match its own.

Publication Date


Publication Title

Proceedings - 2003 Symposium on Applications and the Internet, SAINT 2003

Number of Pages


Document Type

Article; Proceedings Paper

Personal Identifier


DOI Link


Socpus ID

84943421730 (Scopus)

Source API URL


This document is currently not available here.