Research Commons

      Improving the Evaluation of Network Anomaly Detection Using a Data Fusion Approach

      Löf, Andreas
      Files
      • thesis.pdf: Main text, 2.248Mb
      • traceannotation.tgz: Annotation library, 17.46Kb
      • traceannotater.tgz: Annotation conversion tools, 60.47Kb
      • annotations.tgz: Network trace annotations, 42.06Mb
      • fusion.tgz: Data fusion components, 29.31Kb
      • anomalydetection.tgz: Anomaly detection implementations, 64.78Kb
      Citation
      Löf, A. (2013). Improving the Evaluation of Network Anomaly Detection Using a Data Fusion Approach (Thesis, Doctor of Philosophy (PhD)). University of Waikato, Hamilton, New Zealand. Retrieved from https://hdl.handle.net/10289/8041
      Permanent Research Commons link: https://hdl.handle.net/10289/8041
      Abstract
      Currently, the evaluation of network anomaly detection methods is often not repeatable. It is difficult to ascertain whether different implementations of the same method have the same performance, or what the relative performance of different methods is. This is in part due to a lack of open implementations, the absence of recent datasets and the lack of a common format to express results.

      A common approach to evaluating a method is to use the Defense Advanced Research Projects Agency (DARPA) 1999 datasets, or a derivative of them, in combination with a different dataset or network capture. The DARPA datasets are relatively old and bear little resemblance to modern-day traffic, and the other datasets are unlabelled and typically publicly unavailable, making it difficult to ascertain the validity of research evaluated in such a way.

      This thesis primarily contributes a new evaluation methodology that uses a data fusion based approach that allows for reproducible evaluations with modern datasets.

      The new methodology incorporates three other contributions: a new way to capture network traces that are fully anonymised yet retain more information than any current network traces, a new trace annotation format, and a method for verifying the correctness of the annotations.

      The DARPA 1999 dataset was used to demonstrate the validity of the approach, and an evaluation was performed on a new dataset that was captured using the methods introduced. In the evaluation we find that the methodology is a viable approach forward, but that it comes with a different set of drawbacks than the current state of the art.
      Date
      2013
      Type
      Thesis
      Degree Name
      Doctor of Philosophy (PhD)
      Supervisors
      Nelson, Richard
      Mayo, Michael
      McGregor, Anthony James
      Publisher
      University of Waikato
      Rights
      All items in Research Commons are provided for private study and research purposes and are protected by copyright with all rights reserved unless otherwise indicated.
      Additional information
      Any future extensions or updates will be published as a part of WAND's ongoing research projects: http://research.wand.net.nz
      Supplementary material
       wand.net.nz
       www.ll.mit.edu
      Collections
      • Higher Degree Theses [1714]