metadata format for benchmarking anomaly detection
play

Metadata format for benchmarking anomaly detection algorithms Youki - PowerPoint PPT Presentation

Oct 29, 2022 •336 likes •444 views

Metadata format for benchmarking anomaly detection algorithms Youki Kadobayashi NICT / NAIST youki-k <at> is.naist.jp 10 th CAIDA-WIDE workshop / 1 st CAIDA-WIDE-CASFI workshop August 2008 Anomaly detection algorithms:

  1. Metadata format for benchmarking anomaly detection algorithms Youki Kadobayashi NICT / NAIST youki-k <at> is.naist.jp 10 th CAIDA-WIDE workshop / 1 st CAIDA-WIDE-CASFI workshop August 2008

  2. Anomaly detection algorithms: The problem ● We are still in the dark ages ● Incompatible datasets ● ● Incomparable results ● ● No technical method to accurately communicate the result of anomaly detection, even if we share the common dataset ● Inability to benchmark their performance 10 th CAIDA-WIDE workshop / 1 st CAIDA-WIDE-CASFI workshop August 2008

  3. Metadata format for anomaly detection algorithms ● Separate file for each algorithm ● XML-based ● header, {record1, record2, …} ● ● Envelope information: rely on datcat tools 10 th CAIDA-WIDE workshop / 1 st CAIDA-WIDE-CASFI workshop August 2008

  4. Header ● Algorithm name ● Algorithm version ● Algorithm URL ● Parameters given to the algorithm ● Date of analysis ● Analyst name ● Analyst organization ● Target dataset ● DATCAT dataset name 10 th CAIDA-WIDE workshop / 1 st CAIDA-WIDE-CASFI workshop August 2008

  5. Record ● Each record consists of: ● src, dst, start_time, end_time, anomaly_type, anomaly_value ● ● Arbitrary number of records ● ● Either src or dst can be wildcard 10 th CAIDA-WIDE workshop / 1 st CAIDA-WIDE-CASFI workshop August 2008

  6. API ● label_data(int handle, in_addr_t src, in_addr_t dst, time_t start, time_t end, string anomaly_type, float anomaly_value) ● label_data_ex(int handle, in_addr_t[] src, in_addr_t[] dst, time_t start, time_t end, string anomaly_type, float anomaly_value) 10 th CAIDA-WIDE workshop / 1 st CAIDA-WIDE-CASFI workshop August 2008

  7. Slicing ● Slice anomalous segments of pcap data ● Based on anomaly_type, anomaly_value ● ● Slice pcap data according to start_time, end_time ● ● Useful for generating synthetic dataset 10 th CAIDA-WIDE workshop / 1 st CAIDA-WIDE-CASFI workshop August 2008

  8. Merging ● Insert pcap slice B into pcap slice A ● At particular time offset ● ● Useful for benchmarking anomaly detection algorithms with synthetic dataset 10 th CAIDA-WIDE workshop / 1 st CAIDA-WIDE-CASFI workshop August 2008

  9. Comparison ● Visualize the spotted anomalies along timeline ● ● Compute coverage and support, generate HTML table 10 th CAIDA-WIDE workshop / 1 st CAIDA-WIDE-CASFI workshop August 2008

  10. Current status ● Implementation in progress ● ● Your comments are welcomed ● ● youki-k <at> is.naist.jp 10 th CAIDA-WIDE workshop / 1 st CAIDA-WIDE-CASFI workshop August 2008

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier)

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier)

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier) in a dataset is an instance that is abnormal or unlikely based on the rest of the dataset If the instances in the dataset are labeled as

760 views • 19 slides
What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining

What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining

DataCamp Anomaly Detection in R ANOMALY DETECTION IN R What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining the term anomaly Anomaly: a data point or collection of data points that do not follow the

870 views • 21 slides
Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative

Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative

Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative Anomaly Detection Motivation Developing an anomaly detection system Anomaly detection vs. supervised learning Choosing what features

514 views • 34 slides
Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier Detection Automatically identify data points that are somehow different from the rest Working assumption: There are considerably

984 views • 72 slides
Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier Detection Automatically identify data points that are somehow different from the rest Working assumption: There are considerably

905 views • 74 slides
Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview

Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview

Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview Prior Work in Network Anomaly Detection The 1999 DARPA Intrusion Detection Evaluation Packet Header Anomaly Detection (PHAD) Application

575 views • 18 slides
&lt;Title&gt; Yiqun Hu, SP Group Agenda Condition monitoring &amp; anomaly detection

&lt;Title&gt; Yiqun Hu, SP Group Agenda Condition monitoring &amp; anomaly detection

Data Council Singapre 2019 Autoencoder Forest for Anomaly Detection from IoT Time Series &lt;Title&gt; Yiqun Hu, SP Group Agenda Condition monitoring &amp; anomaly detection Autoencoder for anomaly detection Autoencoder

540 views • 27 slides
In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong,

In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong,

In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong, Alan Fern, Thomas G. Dietterich and Md Amran Siddiqui School of EECS Anomaly Detection Goal: Identify rare or strange objects 2 Anomaly

756 views • 51 slides
Dataflow Anomaly Detection Presented By Archana Viswanath Computer Science and Engineering The

Dataflow Anomaly Detection Presented By Archana Viswanath Computer Science and Engineering The

Dataflow Anomaly Detection Presented By Archana Viswanath Computer Science and Engineering The Pennsylvania State University Anomaly Intrusion Detection Systems Anomaly Intrusion Detection Systems Model normal behavior. Attack - Any

417 views • 20 slides
Anomaly Based Network Intrusion Detection with Unsupervised Outlier Detection Jiong Zhang and

Anomaly Based Network Intrusion Detection with Unsupervised Outlier Detection Jiong Zhang and

Anomaly Based Network Intrusion Detection with Unsupervised Outlier Detection Jiong Zhang and Mohammad Zulkernine School of Computing Queens University, Kingston Ontario, Canada K7L 3N6 {zhang, mzulker} @cs.queensu.ca Abstract- Anomaly

284 views • 6 slides
Efficient Anomaly Detection by Isolation using Nearest Neighbour Ensemble Tharindu

Efficient Anomaly Detection by Isolation using Nearest Neighbour Ensemble Tharindu

Information Technology Efficient Anomaly Detection by Isolation using Nearest Neighbour Ensemble Tharindu Rukshan Bandaragoda Kai Ming Ting David Albrecht Fei Tony Liu Jonathan R. Wells Outline Overview of anomaly detection

657 views • 41 slides
Isolation trees Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Isolation

Isolation trees Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Isolation

DataCamp Anomaly Detection in R ANOMALY DETECTION IN R Isolation trees Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Isolation tree DataCamp Anomaly Detection in R Isolation tree plots DataCamp Anomaly Detection in R

631 views • 19 slides
On Entropy in Network Traffic Anomaly Detection Jayro Santiago-Paz, Deni Torres-Roman.

On Entropy in Network Traffic Anomaly Detection Jayro Santiago-Paz, Deni Torres-Roman.

Introduction Feature Extraction Entropy Calculation Anomaly detection Classification Open Issues On Entropy in Network Traffic Anomaly Detection Jayro Santiago-Paz, Deni Torres-Roman. Cinvestav, Campus Guadalajara, Mexico November 2015

690 views • 24 slides
ACCT 420: Topic modeling and anomaly detection Session 8 Dr. Richard M. Crowley 1 Front matter

ACCT 420: Topic modeling and anomaly detection Session 8 Dr. Richard M. Crowley 1 Front matter

ACCT 420: Topic modeling and anomaly detection Session 8 Dr. Richard M. Crowley 1 Front matter 2 . 1 Learning objectives Theory: NLP Anomaly detection Application: Understand annual report readability Examine the

1.12k views • 85 slides
An Evaluation of Effect of Packet Sampling on Anomaly Detection Method Takuya Motodate

An Evaluation of Effect of Packet Sampling on Anomaly Detection Method Takuya Motodate

An Evaluation of Effect of Packet Sampling on Anomaly Detection Method Takuya Motodate April 25, 2010 The 3rd CAIDA-WIDE-CASFI Joint Measurement Workshop @Osaka 1 2010 4 25 Background Anomaly Detection:

331 views • 20 slides
Anomaly Detection with State Space Models Multi-dimensional State Space Models SVD Method EM

Anomaly Detection with State Space Models Multi-dimensional State Space Models SVD Method EM

Anomaly Detection CAMCOS 2009 Introduction ADAPT Anomaly Detection with State Space Models Multi-dimensional State Space Models SVD Method EM Algorithm Kalman Filter Maja Derek, Kate Isaacs, Duncan McElfresh, Jennifer Alarm Murguia,

1.4k views • 96 slides
A Tale of Two Anomalies: from LHCb to ANITA Speaker: Yicong Sui In collaboration with: Wolfgang

A Tale of Two Anomalies: from LHCb to ANITA Speaker: Yicong Sui In collaboration with: Wolfgang

A Tale of Two Anomalies: from LHCb to ANITA Speaker: Yicong Sui In collaboration with: Wolfgang Altmannshofer, Bhupal Dev, Amarjit Soni Introduction of B-anomaly Introduction of B-anomaly Introduction of B-anomaly Gregory Ciezarek, etl, ,

964 views • 78 slides
Fine-Grained Tracking of Grid Infections Ashish Gehani SRI Basim Baig, Salman Mahmood, Dawood

Fine-Grained Tracking of Grid Infections Ashish Gehani SRI Basim Baig, Salman Mahmood, Dawood

Fine-Grained Tracking of Grid Infections Ashish Gehani SRI Basim Baig, Salman Mahmood, Dawood Tariq, Fareed Zaffar LUMS Fine-Grained Tracking of Grid Infections p. 1/18 Introduction Grid semantics Not middleware-specific Distributed

644 views • 18 slides
Now Do Voters Notice Review Screen Anomalies? A Look at Voting System Usability Bryan A.

Now Do Voters Notice Review Screen Anomalies? A Look at Voting System Usability Bryan A.

Now Do Voters Notice Review Screen Anomalies? A Look at Voting System Usability Bryan A. Campbell Michael D. Byrne Department of Psychology Rice University Houston, TX bryan.campbell@rice.edu byrne@acm.org http://chil.rice.edu/ Overview

802 views • 29 slides
Vacuum structure of 2 d adjoint QCD anomaly, mod 2 index, and semiclassics Yuya Tanizaki

Vacuum structure of 2 d adjoint QCD anomaly, mod 2 index, and semiclassics Yuya Tanizaki

Vacuum structure of 2 d adjoint QCD anomaly, mod 2 index, and semiclassics Yuya Tanizaki North Carolina State University Sep, 2019 @ ICTP, Trieste Collaborators: Aleksey Cherman, Theodore Jacobson (UMN), Mithat Unsal (NCSU)

538 views • 29 slides
Adaptive Anomaly Detection via Self-Calibration and Dynamic Updating Gabriela F. Cretu-Ciocarlie

Adaptive Anomaly Detection via Self-Calibration and Dynamic Updating Gabriela F. Cretu-Ciocarlie

Adaptive Anomaly Detection via Self-Calibration and Dynamic Updating Gabriela F. Cretu-Ciocarlie Department of Computer Science Columbia University Joint work with Angelos Stavrou, Michael E. Locasto, Salvatore J. Stolfo Motivation and

487 views • 28 slides
A Signal Analysis of Network Traffic Anomalies Paul Barford with Jeffery Kline, David Plonka,

A Signal Analysis of Network Traffic Anomalies Paul Barford with Jeffery Kline, David Plonka,

A Signal Analysis of Network Traffic Anomalies Paul Barford with Jeffery Kline, David Plonka, Amos Ron University of Wisconsin Madison Fall, 2002 Overview Motivation: Anomaly detection remains difficult Objective : Improve

465 views • 19 slides
from System Logs through Deep Learning Min Du , Feifei Li, Guineng Zheng, Vivek Srikumar

from System Logs through Deep Learning Min Du , Feifei Li, Guineng Zheng, Vivek Srikumar

DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning Min Du , Feifei Li, Guineng Zheng, Vivek Srikumar University of Utah Background 2 Background System Event Log 3 Background System Event Log Available

1.08k views • 106 slides
StrobeLight: Lightweight Availability Mapping and Anomaly Detection James Mickens, John Douceur,

StrobeLight: Lightweight Availability Mapping and Anomaly Detection James Mickens, John Douceur,

StrobeLight: Lightweight Availability Mapping and Anomaly Detection James Mickens, John Douceur, Bill Bolosky Brian Noble At any given moment, how can we tell which enterprise machines are online and network-reachable? Mobile AJAX

603 views • 34 slides

More recommend