2nd International ICST Workshop on OMNeT++

Research Article

Large-scale evaluation of distributed attack detection

Cite
BibTeX Plain Text
  • @INPROCEEDINGS{10.4108/ICST.SIMUTOOLS2009.5552,
    author={Thomas Gamer and Christoph P. Mayer},
    title={Large-scale evaluation of distributed attack detection},
    proceedings={2nd International ICST Workshop on OMNeT++},
    publisher={ACM},
    proceedings_a={OMNET++},
    year={2010},
    month={5},
    keywords={Distributed Attack Detection Anomaly Detection Large-scale Evaluation OMNeT++},
    doi={10.4108/ICST.SIMUTOOLS2009.5552}
}
  • Thomas Gamer
    Christoph P. Mayer
    Year: 2010
    Large-scale evaluation of distributed attack detection
    OMNET++
    ICST
    DOI: 10.4108/ICST.SIMUTOOLS2009.5552
Thomas Gamer1,*, Christoph P. Mayer1,*
  • 1: Institute of Telematics, Universität Karlsruhe (TH), Germany.
*Contact email: gamer@tm.uka.de, mayer@tm.uka.de

Abstract

Evaluation of mechanisms for anomaly and attack detection is still a challenging task and hard to achieve. This especially holds for the evaluation of the large-scale behavior and efficiency of distributed detection mechanisms. Since testbeds and real networks are no feasible means for large-scale evaluation, we present in this paper a toolchain for the large-scale evaluation of distributed attack detection based on the simulator OMNeT++. Particular focus is placed on simplicity and usability of the toolchain. The interplay of the individual tools is shown by means of an exemplary attack detection. Furthermore, a performance evaluation of the individual tools is presented that shows their limitations in terms of hardware and time constraints.

Keywords
Distributed Attack Detection Anomaly Detection Large-scale Evaluation OMNeT++
Published
2010-05-16
Publisher
ACM
Modified
2010-05-16
http://dx.doi.org/10.4108/ICST.SIMUTOOLS2009.5552
Copyright © 2009–2024 ICST