Abstract
Despite the flurry of anomaly-detection papers in recent years, effective ways to validate and compare proposed solutions have remained elusive. We argue that evaluating anomaly detectors on manually labeled traces is both important and unavoidable. In particular, it is important to evaluate detectors on traces from operational networks because it is in this setting that the detectors must ultimately succeed. In addition, manual labeling of such traces is unavoidable because new anomalies will be identified and characterized from manual inspection long before there are realistic models for them. It is well known, however, that manual labeling is slow and error-prone. In order to mitigate these challenges, we present WebClass, a web-based infrastructure that adds rigor to the manual labeling process. WebClass allows researchers to share, inspect, and label traffic time-series through a common graphical user interface. We are releasing WebClass to the research community in the hope that it will foster greater collaboration in creating labeled traces and that the traces will be of higher quality because the entire community has access to all the information that led to a given label
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Networks and Communications,Software
Reference20 articles.
1. A signal analysis of network traffic anomalies
2. Cisco NetFlow http://www.cisco.com/en/US/products/ps6601/products ios protocol group home.html Cisco NetFlow http://www.cisco.com/en/US/products/ps6601/products ios protocol group home.html
3. Automatically inferring patterns of resource consumption in network traffic
4. Garrett J. J. Ajax: A new approach to web applications. http://www.adaptivepath.com/publications/essays/archives/000385.php Garrett J. J. Ajax: A new approach to web applications. http://www.adaptivepath.com/publications/essays/archives/000385.php
5. Diagnosing network disruptions with network-wide analysis
Cited by
13 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献