|
Authors: | Daniela Brauckhoff, Martin May, Bernhard Plattner |
Group: | Communication Systems |
Type: | Inproceedings |
Title: | Comparison of Anomaly Signal Quality in Common Detection Metrics |
Year: | 2007 |
Month: | June |
Pub-Key: | BMP2007a |
Publisher: | ACM SIGMETRICS 2007, MineNet Workshop |
Abstract: | Problems involving classification and pattern recognition can often be profitably viewed from the perspective of signal de- tection theory. We present ANEX (ANomaly EXposure), a simple and intuitive measure for comparing anomaly de- tection metrics regarding their capability to expose certain types of anomalies. ANEX is based on signal detection theory and determines the anomaly signal quality with the help of the intersection area of the metric’s probability den- sity functions in the normal and anomalous case. We il- lustrate the applicability of our measure by comparing 15 frequently-used detection metrics for the Blaster worm and discuss some early results by comparing NetFlow data from four different border gateway routers of a medium-sized ISP network. |
Location: | San Diego, CA, USA |
Resources: | [BibTeX] |