Benchmarks for Evaluating Anomaly Based Intrusion Detection Solutions

Miller, Nicholas J.; Aliasgari, Mehrdad

doi:10.5121/ijnsa.2018.10501

Cited by 7 publications

(1 citation statement)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this paper, we propose a novel methodology to compare netflow-based network anomaly detection systems using synthetically generated malicious traffic modeling a propagating computer worm [5]. The novelty of our work lies in the fact that we have used malicious traffic as the focus instead of normal traffic to evaluate NF-NAD systems [6]. For this methodology, we have restricted the malicious traffic to common attacks-distributed denial of service attacks (DDoS) [7] and scanning attacks.…”

Section: Introductionmentioning

confidence: 99%

An evaluation design for comparing netflow based network anomaly detection systems using synthetic malicious traffic

Bardhan¹,

Hatada²,

Filliben³

et al. 2021

View full text Add to dashboard Cite

In this paper, we present a procedure to evaluate and compare multiple netflow based network anomaly detection (NF-NAD) systems based on accuracy of detection and mean time of detection. Conventionally, different variations of benign or normal traffic have been used to evaluate NF-NAD systems. Here we showcase a methodology where benign traffic is constant through the entirety of the experiment. We create different variations of synthetic malicious traffic to evaluate and compare NF-NAD systems. A two-phase approach is used to measure the accuracy and learning capability of the NF-NAD system. We have created a designed experiment (having factors, levels and design points) to showcase our methodology.

show abstract

Section: Introductionmentioning

confidence: 99%