Show simple item record  

dc.contributor.advisorNelson, Richard
dc.contributor.advisorMayo, Michael
dc.contributor.advisorMcGregor, Anthony James
dc.contributor.authorLöf, Andreas
dc.date.accessioned2013-10-01T02:12:06Z
dc.date.available2013-10-22T21:12:37Z
dc.date.issued2013
dc.identifier.citationLöf, A. (2013). Improving the Evaluation of Network Anomaly Detection Using a Data Fusion Approach (Thesis, Doctor of Philosophy (PhD)). University of Waikato, Hamilton, New Zealand. Retrieved from https://hdl.handle.net/10289/8041en
dc.identifier.urihttps://hdl.handle.net/10289/8041
dc.descriptionAny future extensions or updates will be published as a part of WAND's ongoing research projects: http://research.wand.net.nz
dc.description.abstractCurrently, the evaluation of network anomaly detection methods is often not repeatable. It is difficult to ascertain if different implementations of the same methods have the same performance or the relative performance of different methods. This is in part due to a lack of open implementations, the absence of recent datasets and no common format to express results. A common approach to evaluating a method is to use the Defense Advanced Research Projects Agency (DARPA) 1999 datasets, or a derivative of them, in combination with a different dataset or network capture. The DARPA datasets are relatively old and bear little resemblance to modern day traffic and the other datasets are unlabelled and typically publicly unavailable making it difficult to ascertain the validity of the research evaluated in such a way. This thesis primarily contributes a new evaluation methodology that uses a data fusion based approach that allows for reproducible evaluations with modern datasets. The new methodology incorporates three other contributions: A new way to capture network traces that are fully anonymised yet retains more information than any current network traces and a new trace annotation format and a method for verifying the correctness of the annotations. The DARPA 1999 dataset was used to demonstrate the validity of the approach and an evaluation was performed on a new dataset that has been captured using the methods introduced. In the evaluation we find that methodology is a viable approach forward, but that it comes with a different set of drawbacks than the current state of the art.
dc.format.mimetypeapplication/pdf
dc.format.mimetypeapplication/x-gzip
dc.format.mimetypeapplication/x-gzip
dc.format.mimetypeapplication/x-gzip
dc.format.mimetypeapplication/x-gzip
dc.format.mimetypeapplication/x-gzip
dc.language.isoen
dc.publisherUniversity of Waikato
dc.rightsAll items in Research Commons are provided for private study and research purposes and are protected by copyright with all rights reserved unless otherwise indicated.
dc.subjectnetwork anomaly detection
dc.subjectnetwork capture
dc.subjectintrusion detection
dc.subjectdata fusion
dc.titleImproving the Evaluation of Network Anomaly Detection Using a Data Fusion Approach
dc.typeThesis
thesis.degree.disciplineComputer Science
thesis.degree.grantorUniversity of Waikato
thesis.degree.levelDoctoral
thesis.degree.nameDoctor of Philosophy (PhD)
dc.date.updated2013-10-01T02:10:30Z
uow.relation.urihttp://wand.net.nz/wits/waikato/8/
uow.relation.urihttp://www.ll.mit.edu/mission/communications/cyber/CSTcorpora/ideval/data/
pubs.place-of-publicationHamilton, New Zealanden_NZ


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record