Empirical Evaluation of the Internet Analysis System for Application in the Field of Anomaly Detection

Research output: Chapter in Book/Report/Conference proceedings › Conference contribution

Abstract

Anomaly detection in computer networks is an actively researched topic in the field of intrusion detection. The Internet Analysis System (IAS) is a software framework which provides passive probes and centralized backend services to collect purely statistical network data in distributed computer networks. This paper presents an empirical evaluation of the IAS data format for detecting anomalies caused by attack traffic. This process involved the generation of labeled evaluation data based on the 1999 DARPA Intrusion Detection Evaluation data sets and two different supervised machine learning approaches for the assessment. The evaluation concludes that the IAS is not a convenient data source for advanced anomaly detection in the scope of our research.

Original language: English
Title of host publication: Proceedings - European Conference on Computer Network Defense, EC2ND 2010
Publisher: IEEE Computer Society Press
Pages: 63-70
Number of pages: 8
ISBN (Print): 9780769543116
Publication status: Published - 2010
Event: EC2ND 2010 - Berlin, Germany
Duration: 28 Oct 2010 to 29 Oct 2010
http://2010.ec2nd.org

Publication series

Name: Proceedings - European Conference on Computer Network Defense, EC2ND 2010

Conference

Conference: EC2ND 2010
Country/Territory: Germany
City: Berlin
Period: 28.10.2010 to 29.10.2010

Keywords

  • evaluation data
  • intrusion detection
  • machine learning
  • supervised anomaly detection
