WebClass: Adding rigor to manual labeling of traffic anomalies

Haakon Ringberg, Augustin Soule, Jennifer L. Rexford

Research output: Contribution to journalArticlepeer-review

20 Scopus citations

Abstract

Despite the flurry of anomaly-detection papers in recent years, effective ways to validate and compare proposed solutions have remained elusive. We argue that evaluating anomaly detectors on manually labeled traces is both important and unavoidable. In particular, it is important to evaluate detectors on traces from operational networks because it is in this setting that the detectors must ultimately succeed. In addition, manual labeling of such traces is unavoidable because new anomalies will be identified and characterized from manual inspection long before there are realistic models for them. It is well known, however, that manual labeling is slow and error-prone. In order to mitigate these challenges, we present WebClass, a web-based infrastructure that adds rigor to the manual labeling process. WebClass allows researchers to share, inspect, and label traffic timeseries through a common graphical user interface. We are releasing WebClass to the research community in the hope that it will foster greater collaboration in creating labeled traces and that the traces will be of higher quality because the entire community has access to all the information that led to a given label.

Original languageEnglish (US)
Pages (from-to)35-38
Number of pages4
JournalComputer Communication Review
Volume38
Issue number1
DOIs
StatePublished - Dec 1 2008

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications

Keywords

  • Data labeling
  • Data sharing
  • Database
  • Network traffic analysis

Fingerprint Dive into the research topics of 'WebClass: Adding rigor to manual labeling of traffic anomalies'. Together they form a unique fingerprint.

Cite this