The need for simulation in evaluating anomaly detectors

Haakon Ringberg, Matthew Roughan, Jennifer L. Rexford

Research output: Contribution to journal, Article, peer-review

52 Scopus citations

Abstract

Anomalous events that affect the performance of networks are a fact of life. It is therefore not surprising that recent years have seen an explosion in research on network anomaly detection. What is quite surprising, however, is the lack of controlled evaluation of these detectors. In this paper we argue that there are numerous important questions regarding the effectiveness of anomaly detectors that cannot be answered by the evaluation techniques employed today. We present four central requirements of a rigorous evaluation that can only be met by simulating both the anomaly and its surrounding environment. While simulation is necessary, it is not sufficient. We therefore present an outline of an evaluation methodology that leverages both simulation and traces from operational networks.

Original language: English (US)
Pages (from-to): 55-59
Number of pages: 5
Journal: Computer Communication Review
Volume: 38
Issue number: 1
State: Published - Dec 1 2008

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications
