FLAME: A Flow-Level Anomaly Modeling Engine

There are several remaining open questions in the area of flow-based anomaly detection, e.g., how to do meaningful evaluations of anomaly detection mechanisms; how to get conclusive information about the origin and nature of an anomaly; or how to detect low-intensity attacks. In order to answer these questions, network traffic traces that are representative of a specific test environment, and that contain anomalies with selected characteristics, are a prerequisite. In this work, we present FLAME, a tool for injection of hand-crafted anomalies into a given background traffic trace. This tool combines the controllability offered by simulation with the realism provided by captured traffic traces. We present the design and prototype implementation of FLAME, and show how it is applied to inject three example anomalies into a given flow trace. We believe that FLAME can contribute significantly to the development and evaluation of advanced anomaly detection mechanisms.
Daniela Brauckhoff, Arno Wagner, Martin May
Added 02 Oct 2010
Updated 02 Oct 2010
Type Conference
Year 2008
Where USS