{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T22:06:38Z","timestamp":1777500398201,"version":"3.51.4"},"reference-count":20,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2008,1,30]],"date-time":"2008-01-30T00:00:00Z","timestamp":1201651200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["SIGCOMM Comput. Commun. Rev."],"published-print":{"date-parts":[[2008,1,30]]},"abstract":"<jats:p>Despite the flurry of anomaly-detection papers in recent years, effective ways to validate and compare proposed solutions have remained elusive. We argue that evaluating anomaly detectors on manually labeled traces is both important and unavoidable. In particular, it is important to evaluate detectors on traces from operational networks because it is in this setting that the detectors must ultimately succeed. In addition, manual labeling of such traces is unavoidable because new anomalies will be identified and characterized from manual inspection long before there are realistic models for them. It is well known, however, that manual labeling is slow and error-prone. In order to mitigate these challenges, we present WebClass, a web-based infrastructure that adds rigor to the manual labeling process. WebClass allows researchers to share, inspect, and label traffic time-series through a common graphical user interface. We are releasing WebClass to the research community in the hope that it will foster greater collaboration in creating labeled traces and that the traces will be of higher quality because the entire community has access to all the information that led to a given label<\/jats:p>","DOI":"10.1145\/1341431.1341437","type":"journal-article","created":{"date-parts":[[2008,2,8]],"date-time":"2008-02-08T15:32:16Z","timestamp":1202484736000},"page":"35-38","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":19,"title":["WebClass"],"prefix":"10.1145","volume":"38","author":[{"given":"Haakon","family":"Ringberg","sequence":"first","affiliation":[{"name":"Princeton University"}]},{"given":"Augustin","family":"Soule","sequence":"additional","affiliation":[{"name":"Thomson"}]},{"given":"Jennifer","family":"Rexford","sequence":"additional","affiliation":[{"name":"Princeton University"}]}],"member":"320","published-online":{"date-parts":[[2008,1,30]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/637201.637210"},{"key":"e_1_2_1_2_1","unstructured":"Cisco NetFlow http:\/\/www.cisco.com\/en\/US\/products\/ps6601\/products ios protocol group home.html  Cisco NetFlow http:\/\/www.cisco.com\/en\/US\/products\/ps6601\/products ios protocol group home.html"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/863955.863972"},{"key":"e_1_2_1_4_1","unstructured":"Garrett J. J. Ajax: A new approach to web applications. http:\/\/www.adaptivepath.com\/publications\/essays\/archives\/000385.php  Garrett J. J. Ajax: A new approach to web applications. http:\/\/www.adaptivepath.com\/publications\/essays\/archives\/000385.php"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/1269899.1254890"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1028788.1028812"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/948205.948236"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1015467.1015492"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1080091.1080118"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1177080.1177099"},{"key":"e_1_2_1_11_1","unstructured":"Lippmann R. P. Fried D. J. Graf I. Haines J.W. Kendall K.R. McClung D. Weber D. Webster S. E. Wyschogrod D. Cunningham R. K. and Zissman M. A. Evaluating intrusion detection systems: The 1998 darpa off-line intrusion detection evaluation.discex 02 (2000) 1012.  Lippmann R. P. Fried D. J. Graf I. Haines J.W. Kendall K.R. McClung D. Weber D. Webster S. E. Wyschogrod D. Cunningham R. K. and Zissman M. A. Evaluating intrusion detection systems: The 1998 darpa off-line intrusion detection evaluation.discex 02 (2000) 1012."},{"key":"e_1_2_1_12_1","first-page":"2","article-title":"Building a large annotated corpus of english: the penn treebank","volume":"19","author":"Marcus M. P.","year":"1993","journal-title":"Comput. Linguist."},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/1341431.1341443"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1269899.1254895"},{"key":"e_1_2_1_15_1","first-page":"171","volume-title":"USENIX Technical Conference","author":"Sekar V.","year":"2006"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.5555\/1251086.1251117"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1298306.1298320"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/985692.985733"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.5555\/1251086.1251116"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1028788.1028802"}],"container-title":["ACM SIGCOMM Computer Communication Review"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1341431.1341437","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1341431.1341437","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T13:38:54Z","timestamp":1750253934000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1341431.1341437"}},"subtitle":["adding rigor to manual labeling of traffic anomalies"],"short-title":[],"issued":{"date-parts":[[2008,1,30]]},"references-count":20,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2008,1,30]]}},"alternative-id":["10.1145\/1341431.1341437"],"URL":"https:\/\/doi.org\/10.1145\/1341431.1341437","relation":{},"ISSN":["0146-4833"],"issn-type":[{"value":"0146-4833","type":"print"}],"subject":[],"published":{"date-parts":[[2008,1,30]]},"assertion":[{"value":"2008-01-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}