Uncovering Relations Between Traffic Classifiers and Anomaly Detectors via Graph Theory

Abstract : Network traffic classification and anomaly detection have received much attention in the last few years. However, due to the lack of common ground truth, proposed methods are evaluated through diverse processes that are usually neither comparable nor reproducible. Our final goal is to provide a common dataset with associated ground truth resulting from the cross-validation of various algorithms. This paper deals with one of the substantial issues faced in achieving this ambitious goal: relating outputs from various algorithms. We propose a general methodology based on graph theory that relates outputs from diverse algorithms by taking into account all reported information. We validate our method by comparing results of two anomaly detectors which report traffic at different granularities. The proposed method successfully identified similarities between the outputs of the two anomaly detectors although they report distinct features of the traffic.

https://hal-ens-lyon.archives-ouvertes.fr/ensl-00476021
Contributor : Pierre Borgnat
Submitted on : Friday, April 23, 2010 - 2:40:12 PM
Last modification on : Tuesday, November 19, 2019 - 2:43:59 AM
Long-term archiving on : Monday, October 22, 2012 - 3:22:27 PM

File

fontugne_tma2010.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : ensl-00476021, version 1

Citation

Romain Fontugne, Pierre Borgnat, Patrice Abry, Kensuke Fukuda. Uncovering Relations Between Traffic Classifiers and Anomaly Detectors via Graph Theory. COST-TMA (Traffic Measurement & Analysis) Workshop 2010, Apr 2010, Zurich, Switzerland. pp.101-114. ⟨ensl-00476021⟩
