Skip to main content
Disciplines
Automotive Business IT + Informatics Construction + Real Estate Electrical Engineering + Electronics Energy + Sustainability Insurance + Risk Finance + Banking Management + Leadership Marketing + Sales Mechanical Engineering + Materials
Events
DE
EN
Books
Journals
Topic Page
Marketing
Start single access now
Access for companies
EXTENDED SEARCH
Log in
Top
Published in:
Introduction Read chapter Read first chapter

2017 | Supplement | Chapter

7. Evaluation Criteria

Authors : Monowar H. Bhuyan, Dhruba K. Bhattacharyya, Jugal K. Kalita

Published in: Network Traffic Anomaly Detection and Prevention

Publisher: Springer International Publishing

Log in

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

Performance evaluation is a major part of any network traffic anomaly detection technique or system. Without proper evaluation, it is difficult to make the case that a detection mechanism can be deployed in a real-time environment. An evaluation of a method or a system in terms of accuracy or quality provides a snapshot of its performance in time. As time passes, new vulnerabilities may evolve, and current evaluations may become irrelevant. The evaluation of an intrusion detection system (IDS) involves activities such as collection of attack traces, construction of a proper IDS evaluation environment, and adoption of solid evaluation methodologies. In this chapter, we introduce commonly used performance evaluation measures for IDS evaluation. The main measures include accuracy, performance, completeness, timeliness, reliability, quality, and AUC area. It is beneficial to identify the advantages and disadvantages of different detection methods or systems.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

inform now
previous chapter Practical Tools for Attackers and Defenders
next chapter Open Issues, Challenges, and Conclusion
Literature
1.
Axelsson, S.: The base-rate fallacy and the difficulty of intrusion detection. ACM Trans. Inf. Syst. Secur. 3(3), 186–205 (2000)MathSciNetCrossRef
2.
Dokas, P., Ertoz, L., Lazarevic, A., Srivastava, J., Tan, P.N.: Data mining for network intrusion detection. In: Proceedings of the NSF Workshop on Next Generation Data Mining (2002)
3.
Ghorbani, A.A., Lu, W., Tavallaee, M.: Network Intrusion Detection and Prevention: Concepts and Techniques. Advances in Information Security. Springer, New York (2009)
4.
Joshi, M.V., Agarwal, R.C., Kumar, V.: Predicting rare classes: can boosting make any weak learner strong? In: Proceedings of the 8th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 297–306. ACM, New York (2002)
5.
Lippmann, R.P., Fried, D.J., Graf, I., Haines, J., Kendall, K., McClung, D., Weber, D., Wyschogord, S.W.D., Cunningham, R.K., Zissman, M.A.: Evaluating intrusion detection systems: the 1998 DARPA offline intrusion detection evaluation. In: Proceedings of the DARPA Information Survivability Conference and Exposition, pp. 12–26 (2000)
6.
Maxion, R.A., Roberts, R.R.: Proper use of ROC curves in intrusion/anomaly detection. Technical report CS-TR-871, School of Computing Science, University of Newcastle upon Tyne (2004)
7.
Portnoy, L., Eskin, E., Stolfo, S.: Intrusion detection with unlabeled data using clustering. In: Proceedings of the ACM CSS Workshop on Data Mining Applied to Security, Philadelphia, pp. 5–8 (2001)
8.
Provost, F.J., Fawcett, T.: Robust classification for imprecise environments. Mach. Learn. 42(3), 203–231 (2001)CrossRefMATH
9.
Sekar, R., Guang, Y., Verma, S., Shanbhag, T.: A high-performance network intrusion detection system. In: Proceedings of the 6th ACM Conference on Computer and Communications Security, pp. 8–17. ACM, New York (1999)
10.
Wang, Y.: Statistical Techniques for Network Security: Modern Statistically-Based Intrusion Detection and Protection. Information Science Reference, IGI Publishing, Hershey (2008)
11.
Weiss, S.M., Zhang, T.: Performance alanysis and evaluation. In: Ye, N. (ed.) The Handbook of Data Mining, pp. 426–439. Lawrence Erlbaum Associates, Mahwah (2003)
Metadata
Title
Evaluation Criteria
Authors
Monowar H. Bhuyan
Dhruba K. Bhattacharyya
Jugal K. Kalita
Copyright Year
2017
Book
Network Traffic Anomaly Detection and Prevention

Print ISBN: 978-3-319-65186-6

Electronic ISBN: 978-3-319-65188-0

Copyright Year: 2017

DOI
https://doi.org/10.1007/978-3-319-65188-0_7

Premium Partner

    Image Credits