MAWILab: Combining diverse anomaly detectors for automated anomaly labeling and performance benchmarking

Proceedings of the 6th International Conference on Emerging Networking Experiments and Technologies, Co-NEXT'10

Volumn , Issue , 2010, Pages

  Fontugne, Romain ^a   Borgnat, Pierre ^b   Abry, Patrice ^b   Fukuda, Kensuke ^a,c  

^a GRADUATE UNIVERSITY FOR ADVANCED STUDIES   (Japan)

^b CNRS   (France)

^c NATIONAL INSTITUTE OF INFORMATICS   (Japan)

Author keywords

[No Author keywords available]

Indexed keywords

ANOMALY DETECTOR; COMBINATION STRATEGIES; DIMENSIONALITY REDUCTION; FALSE POSITIVE; GRAPH-BASED; GROUND TRUTH; PERFORMANCE BENCHMARKING; TRAFFIC FEATURES; TRAFFIC MONITORING; TRAFFIC TRACES;

ALARM SYSTEMS; EXPERIMENTS;

DETECTORS;

EID: 79951608572     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1921168.1921179     Document Type: Conference Paper

References (35)

1. MAWILab. http://www.fukuda-lab.org/mawilab/.
2. R. Agrawal and R. Srikant. Fast algorithms for mining association rules in large databases. In VLDB '94, pages 487-499, 1994.
3. A. B. Ashfaq, M. Javed, S. A. Khayam, and H. Radha. An information-theoretic combining method for multi-classifier anomaly detection systems. ICC '10, page 5, 2010.
4. P. Barford, J. Kline, D. Plonka, and A. Ron. A signal analysis of network traffic anomalies. IMW '02, pages 71-82, 2002.
5. J.-P. Benzécri. Correspondence Analysis Handbook. Marcel Dekker, New York, 1992.
6. V. D. Blondel, J.-L. Guillaume, R. Lambiotte, and E. Lefebvre. Fast unfolding of communities in large networks. J.STAT.MECH., 2008.
7. P. Borgnat, G. Dewaele, K. Fukuda, P. Abry, and K. Cho. Seven years and one day: Sketching the evolution of internet traffic. INFOCOM '09, pages 711-719, 2009.
8. D. Brauckhoff, X. Dimitropoulos, A. Wagner, and K. Salamatian. Anomaly extraction in backbone networks using association rules. IMC '09, pages 28-34, 2009.
9. K. Cho, K. Mitsuya, and A. Kato. Traffic data repository at the WIDE project. In USENIX 2000 Annual Technical Conference: FREENIX Track, pages 263-270, 2000.
10. H. chul Kim, K. Claffy, M. Fomenkov, D. Barman, M. Faloutsos, and K. Lee. Internet traffic classification demystified: Myths, caveats, and the best practices. CoNEXT '08, 2008.
11. G. Dewaele, K. Fukuda, P. Borgnat, P. Abry, and K. Cho. Extracting hidden anomalies using sketch and non gaussian multiresolution statistical detection procedures. SIGCOMM LSAD '07, pages 145-152, 2007.
12. S. Floyd and V. Paxson. Difficulties in simulating the internet. IEEE/ACM Trans. Netw., 9(4):392-403, 2001. (Pubitemid 32933055)
13. R. Fontugne, P. Borgnat, P. Abry, and K. Fukuda. Uncovering relations between traffic classifiers and anomaly detectors via graph theory. In International Workshop on Traffic Monitoring and Analysis (TMA '10), pages 101-114, 2010.
14. R. Fontugne and K. Fukuda. A Hough-transform-based anomaly detector with an adaptive time interval. ACM SAC '11, 2011.
15. S. Fortunato. Community detection in graphs. Physics Reports, 486(3-5):75-174, 2010.
16. H. Gupta, V. J. Ribeiro, and A. Mahanti. A longitudinal study of small-time scaling behavior of internet traffic. In Proceedings of NETWORKING 2010, pages 83-95, 2010.
17. Y. Himura, K. Fukuda, K. Cho, and H. Esaki. An automatic and dynamic parameter tuning of a statistics-based anomaly detection algorithm. ICC '09, page 6, 2009.
18. Y. Kanda, K. Fukuda, and T. Sugawara. An evaluation of anomaly detection based on sketch and PCA. GLOBECOM '10, 2010.
19. T. Karagiannis, M. Molle, M. Faloutsos, and A. Broido. A nonstationary poisson view of internet traffic. In INFOCOM '04, 2004.
20. L. I. Kuncheva. Combining Pattern Classifiers: Methods and Algorithms. Wiley-Interscience, 2004.
21. A. Lakhina, M. Crovella, and C. Diot. Diagnosing networkwide traffic anomalies. SIGCOMM '04, pages 219-230, 2004.
22. A. Lakhina, M. Crovella, and C. Diot. Mining anomalies using traffic feature distributions. SIGCOMM '05, pages 217-228, 2005.
23. X. Li, F. Bian, M. Crovella, C. Diot, R. Govindan, G. Iannaccone, and A. Lakhina. Detection and identification of network anomalies using sketch subspaces. IMC '06, pages 147-152, 2006.
24. R. Lippmann, J. W. Haines, D. J. Fried, J. Korba, and K. Das. The 1999 darpa off-line intrusion detection evaluation. Computer Networks, 34(4):579-595, 2000.
25. J. Mchugh. Testing intrusion detection systems: a critique of the 1998 and 1999 darpa intrusion detection system evaluations as performed by lincoln laboratory. ACM Trans. Inf. Syst. Secur., 3(4):262-294, 2000.
26. C. J. Merz. Using correspondence analysis to combine classifiers. Mach. Learn., 36(1-2):33-58, 1999.
27. G. Nychis, V. Sekar, D. G. Andersen, H. Kim, and H. Zhang. An empirical evaluation of entropy-based traffic anomaly detection. IMC '08, pages 151-156, 2008.
28. P. Owezarski. A database of anomalous traffic for assessing profile based IDS. In International Workshop on Traffic Monitoring and Analysis (TMA '10), pages 59-72, 2010.
29. H. Ringberg, M. Roughan, and J. Rexford. The need for simulation in evaluating anomaly detectors. SIGCOMM Comput. Commun. Rev., 38(1):55-59, 2008.
30. H. Ringberg, A. Soule, J. Rexford, and C. Diot. Sensitivity of PCA for traffic anomaly detection. SIGMETRICS Perform. Eval. Rev., 35(1):109-120, 2007. (Pubitemid 350158077)
31. B. I. Rubinstein, B. Nelson, L. Huang, A. D. Joseph, S.-h. Lau, S. Rao, N. Taft, and J. D. Tygar. Antidote: understanding and defending against poisoning of anomaly detectors. IMC '09, pages 1-14, 2009.
32. A. Scherrer, N. Larrieu, P. Owezarski, P. Borgnat, and P. Abry. Non-Gaussian and Long Memory Statistical Characterisations for Internet Traffic with Anomalies. IEEE Transaction on Dependable and Secure Computing, 4(1):56-70, 02 2007.
33. S. Shanbhag and T. Wolf. Accurate anomaly detection through parallelism. Netwrk. Mag. of Global Internetwkg., 23(1):22-28, 2009.
34. M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani. A detailed analysis of the kdd cup 99 data set. IEEE international conference on Computational intelligence for security and defense applications (CISDA '09), pages 53-58, 2009.
35. K. Xu, Z.-L. Zhang, and S. Bhattacharyya. Internet traffic behavior profiling for network security monitoring. IEEE/ACM Trans. Netw., 16(6):1241-1252, 2008.