Show simple item record

dc.contributor.advisorChan, Philip K.
dc.contributor.authorMahoney, Matthew V.
dc.contributor.authorChan, Philip K.
dc.date.accessioned2013-11-05T14:56:20Z
dc.date.available2013-11-05T14:56:20Z
dc.date.issued2003-01-27
dc.identifier.citationMahoney, M.V., Chan, P.K. (2003). An analysis of the 1999 DARPA/Lincoln Laboratory evaluation data for network anomaly detection (CS-2003-02). Melbourne, FL. Florida Institute of Technology.en_US
dc.identifier.otherCS-2003-02
dc.identifier.urihttp://hdl.handle.net/11141/109
dc.description.abstractWe investigate potential simulation artifacts and their effects on the evaluation of network anomaly detection systems in the 1999 DARPA/MIT Lincoln Laboratory off-line intrusion detection evaluation data set. A statistical comparison of the simulated background and training traffic with real traffic collected from a university departmental server suggests the presence of artifacts that could allow a network anomaly detection system to detect some novel intrusions based on idiosyncrasies of the underlying implementation of the simulation, with an artificially low false alarm rate. The evaluation problem can be mitigated by mixing real traffic into the simulation. We compare five anomaly detection algorithms on simulated and mixed traffic. On mixed traffic they detect fewer attacks, but the explanations for these detections are more plausible.en_US
dc.language.isoen_USen_US
dc.rightsCopyright held by authors.en_US
dc.titleAn analysis of the 1999 DARPA/Lincoln Laboratory evaluation data for network anomaly detectionen_US
dc.typeTechnical Reporten_US


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record