March 3, 2012

Critical Review of Research Paper “Towards Systematically Evaluating Flow-level Anomaly Detection Mechanisms”

Critical Review by Fahad Mahmood:

  1. Objective of this research paper:
    The objective of this research paper is to identify the hurdles that stand in the way of obtaining valid and correct statistics of network activity: privacy concerns, anomaly variability and the lack of ground truth. These hurdles restrict both the research community and industry from working on this issue, so the paper encourages them to provide statistics of network activity/usage by adopting the proposed methodologies.
  2. Flaws in this research paper:
    This research paper is really ambiguous: instead of focusing on the problem, it gives a solution in the shape of another problem. The stated objective and the points the author actually stresses seem to differ. The paper presents a way to provide the required statistics with security, yet the author seems mainly to complain that the information is not easily available.
  3. Type of methodology/approach/framework has been used in this research paper:
    The paper is concerned with systematically evaluating anomaly detection systems. It addresses the situation in which available traffic traces are incomplete or, where available, still of limited use, because of the privacy concerns of ISPs and their customers, the inability to deal with anomaly variability, and the reliance on manual labeling, which is a biased method used only for lack of better alternatives.
  4. Problems the author has identified and aims to resolve: three problems are identified, as follows.
    1. Privacy concerns (IP addresses are the main carrier of sensitive information)
    2. Anomaly variability (a system can fail to detect anomalies of lower intensity)
    3. Ground truth (manual anomaly labeling, which introduces bias)

    Synthetic generation of flow-level traffic traces is proposed as an alternative, because such traces do not include any sensitive information and can contain anomalies of different types and intensities.
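
    To make the three points above concrete, the following Python script is an added illustration written for this review; it is not the paper's generator or evaluation code. It builds a small synthetic flow-level trace from RFC 5737 documentation address ranges (so no real host is named), injects a flow-count surge whose size is set by an intensity parameter, and runs a simple median/MAD volume detector over the trace at several intensities, which shows the anomaly-variability point: the same detector misses the surge at low intensity and catches it once the intensity rises. The pseudonymize_ip helper shows the keyed-hash pseudonymisation a site would apply if it had to share a real trace instead. The bin-count jitter pattern, thresholds and intensities are constructed values chosen for the example.

```python
import hashlib
import random
from collections import Counter

# Constructed example (not the paper's generator): synthetic flow records
# built from RFC 5737 documentation address ranges, a flow-surge anomaly
# injected at a chosen intensity, and a simple volume detector evaluated
# across intensities. Per-bin flow counts follow a fixed jitter pattern so
# results are reproducible; only addresses and byte counts come from the RNG.

BASELINE_PATTERN = (0, 4, 8, -4, -8)  # deterministic per-bin jitter in flow count


def pseudonymize_ip(ip, salt):
    """Keyed hash of an address, for the case where a real trace must be shared.
    The same salt gives the same pseudonym, so flows from one host stay
    linkable without exposing the address itself."""
    return hashlib.sha256((salt + ip).encode()).hexdigest()[:16]


def generate_trace(num_bins, baseline_flows, anomaly_bins, intensity, seed=1):
    """Return flows as (bin, src_ip, dst_ip, bytes) tuples.

    Each bin carries baseline_flows (plus a fixed jitter) background flows.
    Bins in anomaly_bins additionally receive int(baseline_flows * intensity)
    small flows from many sources to one destination: a flow-count surge
    whose size is controlled purely by 'intensity'.
    """
    rng = random.Random(seed)
    flows = []
    for b in range(num_bins):
        n = baseline_flows + BASELINE_PATTERN[b % len(BASELINE_PATTERN)]
        for _ in range(n):
            src = f"203.0.113.{rng.randint(1, 254)}"   # TEST-NET-3 (RFC 5737)
            dst = f"192.0.2.{rng.randint(1, 254)}"     # TEST-NET-1 (RFC 5737)
            flows.append((b, src, dst, rng.randint(64, 1500)))
        if b in anomaly_bins:
            for _ in range(int(baseline_flows * intensity)):
                src = f"198.51.100.{rng.randint(1, 254)}"  # TEST-NET-2 (RFC 5737)
                flows.append((b, src, "192.0.2.7", 64))
    return flows


def detect_surges(flows, num_bins, threshold=3.0):
    """Flag bins whose flow count exceeds the median by more than
    threshold * MAD (median absolute deviation)."""
    counts = Counter(f[0] for f in flows)
    values = [counts[b] for b in range(num_bins)]
    median = sorted(values)[len(values) // 2]
    mad = sorted(abs(v - median) for v in values)[len(values) // 2] or 1
    return {b for b, v in enumerate(values) if (v - median) / mad > threshold}


def evaluate(intensities, num_bins=50, baseline_flows=200, anomaly_bins=(10, 30), seed=1):
    """Map each intensity to (true positives, false positives) for the detector.
    The ground truth is known exactly because the trace was generated."""
    truth = set(anomaly_bins)
    results = {}
    for intensity in intensities:
        flows = generate_trace(num_bins, baseline_flows, truth, intensity, seed)
        flagged = detect_surges(flows, num_bins)
        results[intensity] = (len(flagged & truth), len(flagged - truth))
    return results


if __name__ == "__main__":
    for intensity, (tp, fp) in evaluate([0.0, 0.05, 0.1, 0.5]).items():
        print(f"intensity={intensity:<5} detected={tp}/2 false_positives={fp}")
```

    Because the trace is generated, the labelled bins are the ground truth, so no manual labeling is needed; and because the intensity is a parameter, the evaluation can sweep it to find the point at which a given detector starts to miss the anomaly instead of reporting a single detection rate on one captured trace.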

Last updated: March 19, 2014