DocumentCode :
3234517
Title :
On the self-similarity of synthetic traffic for the evaluation of intrusion detection systems
Author :
Allen, William H. ; Marin, Gerald A.
Author_Institution :
Sch. of Electr. Eng. & Comput. Sci., Central Florida Univ., Orlando, FL, USA
fYear :
2003
fDate :
27-31 Jan. 2003
Firstpage :
242
Lastpage :
248
Abstract :
The difficulty of quantifying the accuracy of intrusion detection tools against real network data mandates that researchers use simulated attack data for the partial evaluation of such tools. In 1998 and 1999 researchers at MIT Lincoln Labs produced datasets both with and without attack data specifically for use by those interested in developing intrusion detection tools. Because self-similarity has been shown to be a statistical property of real network traffic, this paper examines the attack-free datasets for the presence of self-similarity in various time periods. The results offer insight for researchers who may wish to use specific subsets of the data for testing. Where the results indicate a lack of self-similarity in the data, the likely cause was determined to be either a low activity level or traffic that was dominated by a single protocol, thus forcing the overall distribution to match its own.
Keywords :
computer network management; security of data; telecommunication security; telecommunication traffic; attack-free datasets; intrusion detection tools; partial evaluation; protocol; real network data; self-similarity; simulated attack data; statistical property; synthetic traffic; testing; time periods; Character generation; Computer science; Force measurement; IP networks; Intrusion detection; Local area networks; Protocols; Telecommunication traffic; Testing; Traffic control;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Applications and the Internet, 2003. Proceedings. 2003 Symposium on
Print_ISBN :
0-7695-1872-9
Type :
conf
DOI :
10.1109/SAINT.2003.1183056
Filename :
1183056