[Figure: block diagram with components Workload Generator, Anomaly Detector, Ground Truth Key, Performance Mapper, Principled Figure of Merit]
• Calibrated benchmarks for testing anomaly detectors.
• Map coverage of anomaly-detection algorithms.
• Sound methodologies for system-effectiveness measurement.
• Theory upon which detector designs can be based.
[Figure component: Anomaly Injector]
The research results are expected to bear on fundamental questions about anomaly-detection systems:
• What factors influence the performance of a detection system?
• What are the conditions under which intrusion/event detection systems work well or work poorly?
• How should the capabilities of particular detection algorithms be matched against the characteristics of particular data/sensor streams?
• What measure of assurance can justifiably be placed on the dependability of a detection system?
Phase 1
• Workload synthesizer
• Anomaly injector
Phase 2
• Calibrated benchmark datasets
• Theory of data
Phase 3
• Automated experiment controller
• Performance mapper
05 Feb 2001