= Welcome =

The goal of the [http://datapository.net Datapository] anomaly detection testbed is to provide a useful framework and storage facility for researchers and network administrators to develop and test new anomaly detection methods, perform analysis of current detection methods, and analyze the traffic features used by these methods with user-provided traffic sets or publicly available traffic sets in the [http://datapository.net Datapository] database. The testbed provides a toolkit for running anomaly detection methods, generating synthetic attacks into the traffic, monitoring traffic metrics, and reformatting user data for insertion into the [http://datapository.net Datapository] database. Through the collaboration of users, we hope to expand our set of available detection methods, synthetic attack models, and publicly available traffic data and tools for analysis.

== Accessible Information ==

 * '''How To Use the Testbed'''
   * [wiki:UsingDatabase Using the database]
   * [wiki:RubyUsage Using ruby to interface]
 * '''Database Information'''
   * [wiki:ERDiagram Entity relationship diagram]
   * [wiki:EntityDictionary Entity and attribute dictionary]
   * [wiki:ReformatForDP Formatting the flow data]
   * [wiki:PartitioningFlowsTable Partitioning the flows table and inserting flows]
 * '''Traffic Analysis'''
   * [wiki:TrafficFeatures Traffic features]
   * [wiki:MetricStatistics Traffic feature statistics]
   * [wiki:GeneratingEntropy Generating entropy data]
   * [wiki:Correlation Correlating data]
 * '''Anomaly Detection'''
   * [wiki:DetectionMethods Anomaly detection overview]
   * [wiki:SDEVDetection Standard deviation detection]
   * [wiki:WaveletDetection Wavelet detection]
 * '''Labeling Anomalies'''
   * [wiki:LabelingAnomalies Labeling overview]
   * [wiki:InsertingLabels Inserting or creating labels]
   * [wiki:ViewingLabels Viewing and searching labels]
   * [wiki:RetrievingLabeledFlows Retrieving labeled flows]
 * '''Synthetic Attack Generation and Analysis'''
   * [wiki:SyntheticAttacks Synthetic attack overview]
   * [wiki:GeneratingSyntheticAttacks Generating synthetic attacks]
   * [wiki:SynDistributedFlood Distributed bandwidth flood]
   * [wiki:SynHorizontalScan Horizontal scan activity]
   * [wiki:SynVerticalScan Vertical scan activity]
   * [wiki:SynWormActivity Worm activity]
   * [wiki:CreatingAttacks Guide to creating synthetic attacks]
 * '''Framework Overview'''
   * [wiki:DPUserFunctions User functions]
 * '''Related Documentation / Publications'''
   * [http://www.andrew.cmu.edu/user/gnychis/entropy_thesis.pdf George Nychis, Masters Thesis: An Empirical Evaluation of Entropy-based Anomaly Detection]