User login

Weekly Report -- 14/09/2012




LPI events are now working inside Brendon's webpages - it's still a bit rough around the edges still but good enough for a working prototype.

Played around with using PHPTAL to provide templating for our pages. It provides some nice features like automatic escaping of html entities and separation of the page logic and layout. At the moment, just the LPI event display page is templated but will hopefully extend this to other parts of the presentation layer.

Started on some more comprehensive testing of the system by throwing the entirety of the Waikato 6 traceset at it - 249 protocols * 8 metrics * several months of data. This immediately started to reveal some problems in the anomaly detection phase, such as R really not liking having to guess an ARIMA model for a time series containing entirely zeroes and stopping the entire process as a result. I also found that my anomaly detection doesn't perform particularly well when the traffic level is mostly at zero with regular bursts at a consistent quantity - each burst is being treated as an event when really that appears to be normal behaviour.

Submitted the final camera-ready version of my IMC paper - already the publishers have come back with some pedantic typesetting crap :)