\begin{thebibliography}{10} \bibitem{Abdelzaher02} T.~F. Abdelzaher, K.~G. Shin, and N.~Bhatti. \newblock Performance guarantees for {Web} server end-systems: a control-theoretical approach. \newblock {\em IEEE Trans. on Parallel and Distributed Systems}, 13(1):80--96, 2002. \bibitem{aguirre97} {S.J.} Aguirre and {W.H.}Hill. \newblock Intrusion detection fly-off: Implications for the united states navy. \newblock Technical report, MITRE, 1997. \bibitem{alessandri00} D.~Alessandri. \newblock Using rule-based activity descriptions to evaluate intrusion detection systems. \newblock In H.~Debar, L.~Me, and {S. F.} Wu, editors, {\em Int. Workshop on Recent Advances in Intrusion Detection}, volume 1907 of {\em Lectures in CS}, pages 183--196. Springer Verlag, 2000. \bibitem{amoroso-98} E.~Amoroso and R.~Kwapniewski. \newblock A selection criteria for intrusion detection systems. \newblock In {\em Proc. 14th AnnualComputer Security Applications Conference}, pages 280 -- 288. IEEE, Dec 1998. \bibitem{fink-02} { G.A.}~Fink and{ B.L.} Chappell and{ T.G.} Turner~and{ K.F.} O'Donoghue. \newblock A metrics-based approach to intrusion detection system evaluation for distributed real-time systems. \newblock In {\em Proc. Int. Parallel and Distributed Processing Symposium}, pages 93--100. IEEE, 2002. \bibitem{murray-spencer-94} { D.W.}~Murray and{ D.D.} Spencer. \newblock Statistical process control testing of electronic security equipment. \newblock In {\em IEEE Int. Carnahan Conf on Security Technology}, pages 53--59. IEEE, Oct 1994. \bibitem{allen-03} { W.H.}~Allen and{ G.A.} Marin. \newblock On the self-similarity of synthetic traffic for the evaluation of intrusion detection systems. \newblock In {\em Proc. Symp. on Applications and the Internet}, pages 242--248. IEEE, Jan 2003. \bibitem{athanasiades-03} { N.}~Athanasiades and{ R.} Abler and{ J.} Levine and{ H.} Owen~and{ G.} Riley. \newblock Intrusion detection testing and benchmarking methodologies. \newblock In {\em First IEEE Int. Workshop on Informatoin Assurance (IWIAS)}, pages 63--72. IEEE, March 2003. \bibitem{tan-03} { K.M.C.}~Tan and{ R.A.} Maxion. \newblock Determining the operational limits of an anomaly-based intrusion detector. \newblock {\em IEEE Journal on Selected Areas in Communications}, 21(1):96--110, Jan 2003. \bibitem{Ayan93} E.~et~al Ayanoglu. \newblock Diversity coding for transparent self-healing and fault-tolerant communication networks. \newblock {\em IEEE Trans. on Communications}, 41(11), 1993. \bibitem{Bakr95} A.~Bakre and B.~R. Badrinath. \newblock I-tcp: Indirect {TCP} for mobile hosts. \newblock In {\em Proc. 15th Int. Conf. Distributed Computing System (ICDCS)}, 1995. \bibitem{Bala95} H.~Balakrishnan, S.~S.~Seshan, , and R.~Katz. \newblock Improving reliable transport and handoff performance in cellular wireless networks. \newblock {\em Wireless Network}, 1(4), 1995. \bibitem{balepin03} I.~Balepin, S.~Maltsev, J.~Rowe, and K~Levitt. \newblock Using specification-based intrusion detection for automated responce. \newblock In {\em Proc. International Symp on Rapid Advances in Intrusion Detection (RAID)}, Pittsburg, PA, USA, September 2003. \bibitem{Bhatti99} N.~Bhatti and R.~Friedrich. \newblock Web server support for tiered services. \newblock {\em IEEE Network}, 13(5):64--71, 1999. \bibitem{Blake98} S.~Blake, D.~Black, M.~Carlson, E.~Davies, Wang Z., and W.~Weiss. \newblock An architecture for differentiated services. \newblock {\em IETF RFC 2475}, 1998. \bibitem{Briesemeister03} L.~Briesemerister, P.~Lincoln, and P.~Porras. \newblock Epidemic profiles and defense of scale-free networks. \newblock In {\em Proc. of ACM WORM}, 2003. \bibitem{Brow97} K.~Brown and S.~Singh. \newblock {M-TCP: TCP} for mobile cellular networks. \newblock {\em ACM Comput. Commun.}, 27(5):19--43, 1997. \bibitem{Carm00} D.~W. Carman, P.~S. Kruus, and B.~J. Matt. \newblock Constraints and approaches for distributed sensor network security. \newblock Technical report, NAI Labs Technical Report 00-010, 2000. \bibitem{carver01} {C. A.} Carver, {J. M. D.} Hill, and {U. W.} Pooch. \newblock Limiting uncertainty in intrusion response. \newblock In {\em Proc. of IEEE Workshop on Information Assurance and Security}, US Military Academy, West Point, June 2001. \bibitem{Cear03} A.~Cearns and C.~E. Chow. \newblock A2d2: Design of an autonomous anti-ddos (a2d2) network. \newblock In {\em Proc. of IASTED Conf. on Applied Informatic}, 2003. \bibitem{champion01} T.~Champion and M.~Denz. \newblock A benchmark evaluation of network intrusion detection systems. \newblock In {\em Proc. of IEEE Conf. on Aerospace Systems}, 2001. \bibitem{Chandra00a} S.~Chandra, C.~S. Ellis, and A.~Vahdat. \newblock Application-level differentiated multimedia {Web} services using quality aware transcoding. \newblock {\em IEEE J. on Selected Areas in Communications}, 18(12):2544--2265, 2000. \bibitem{Chen99} J.~Chen. \newblock New approaches to routing for large scale data networks. \newblock Technical report, Ph.D. Dissertation, Rice University, 1999. \bibitem{Stan96} S.~Chen, S.~Cheung, R.~Crawford, and M.~Dilger. \newblock {GrIDS-a} graph based intrusion detection system for large networks. \newblock In {\em In Proc. of the 19th National Information Systems Security Conference}, 1996. \bibitem{Chen02a} X.~Chen and P.~Mohapatra. \newblock Performance evaluation of service differentiating {Internet} servers. \newblock {\em IEEE Trans. on Computers}, 51(11):1,368--1,375, 2002. \bibitem{Chow04} C.~E. Chow, P.~J. Fong, and G.~Godavari. \newblock An exercise in constructing secure mobile {Ad Hoc} networks. \newblock In {\em Proc. of Int'l Conf. on Advanced Information Networking and Applications}, 2004. \bibitem{das00} K.~Das. \newblock The development of stealthy attacks to evaluate intrusion detection systems. \newblock Master's thesis, MIT EECS, June 2000. \bibitem{Dovrolis99} C.~Dovrolis, D.~Stiliadis, and P.~Ramanathan. \newblock Proportional differentiated services: Delay differentiation and packet scheduling. \newblock In {\em Proc. ACM SIGCOMM}, 1999. \bibitem{Dovrolis02} C.~Dovrolis, D.~Stiliadis, and P.~Ramanathan. \newblock Proportional differentiated services: Delay differentiation and packet scheduling. \newblock {\em IEEE/ACM Trans. on Networking}, 10(1):12--26, 2002. \bibitem{Nlar} National~Laboratory for Applied Network~Research. \newblock Nlar network traffic packet header traces, 2002. \newblock http://pma.nlanr.net/Traces/. \bibitem{gaffney-01} {J.E.} Gaffney and {J.W. } Ulvila. \newblock Evaluation of intrusion detectors: A decision theory approach. \newblock In {\em IEEE Symp. on Security and Privacy}, Oakland, CA, May 2001. IEEE. \bibitem{Garetto03} M.~Garetto, W.~Gong, and D.~Towsley. \newblock Modeling malware spreading dynamics. \newblock In {\em Proc. of IEEE INFOCOM}, 2003. \bibitem{beverge-cofactors} G.~Givens, {J.R.} Beveridge, {B.A.} Draper, and D.~Bolme. \newblock A statistical assessment of subject factors in the pca recognition of human faces. \newblock In {\em "IEEE Workshop on Statistical Analysis in Computer Vision}. IEEE, June 2003. \bibitem{grant-spc-72} {E.L.} Grant and {R.S} Leavenworth. \newblock {\em Statistical Quality Control}. \newblock McGraw-Hill, 1972. \bibitem{grother03} {P.J.} Grother, {R.J.} Micheals, and {P. J.} Phillips. \newblock Face recognition vendor test 2002 performance metrics. \newblock In {\em Proceedings 4th International Conference on Audio Visual Based Person Authentication}, June 2003. \bibitem{Liu01} Liu. J. and S.~Singh. \newblock Atcp: Tcp for mobile ad hoc networks. \newblock {\em IEEE J. on Selected Areas on Communications}, 19:1300--1315, 2001. \bibitem{JULI03} Klaus Julisch. \newblock Clustering intrusion detection alarms to support root cause analysis. \newblock {\em ACM Trans. on Information and System Security}, 6(4):443--471, 2003. \bibitem{Karl03} A.~Karlof and D.~Wagner. \newblock Secure routing in sensor networks: Attacks and countermeasures. \newblock In {\em Proc. of 1st IEEE Int'l Workshop on Sensor Network Protocols and Applications}, 2003. \bibitem{kendall99} K.~Kendall. \newblock A database of computer attacks for the evaluation of intrusion detection systems. \newblock Master's thesis, MIT EECS, 1999. \bibitem{Ko03} B.~Ko, K.~Lee, K.~Amiri, and S.~Calo. \newblock Scalable service differentiation in a shared storage cache. \newblock In {\em Proc. 23rd IEEE Int'l Conf. on Distributed Computing Systems (ICDCS)}, 2003. \bibitem{korba00} J.~Korba. \newblock Windows nt attacks for the evaluation of intrusion detection systems. \newblock Master's thesis, MIT EECS, June 2000. \bibitem{krewski_rao} D.~Krewski and J.~N.~K. Rao. \newblock Inference from statified samples: Properties of the linearization, jackknife and balanced repeated replication methods. \newblock {\em The Annals of Statistics}, 9(5):1010--1019, 1981. \bibitem{Lee02} S.~C.~M. Lee, J.~C.~S. Lui, and D.~K.~Y. Yau. \newblock Admission control and dynamic adaptation for a proportional-delay {DiffServ}-enabled {Web} server. \newblock In {\em Proc. ACM SIGMETRICS}, 2002. \bibitem{Leung01} M.~K.~H. Leung, J.~C.~S. Lui, and D.~K.~Y. Yau. \newblock Adaptive proportional delay differentiated services: Characterization and performance evaluation. \newblock {\em IEEE/ACM Trans. on Networking}, 9(6):908--817, 2001. \bibitem{lippmann00} R.~Lippmann, J.~Haines, D.~Fried, J.~Korba, and K.~Das. \newblock The 1999 darpa off-line intrusion detection evaluation. \newblock {\em Computer Networks}, 34:579--595, 2000. \bibitem{lippmann98} {R. P.} Lippmann, { D. J.} Fried, I.~Graf, {J. W.} Haines, {K. P.} Kendall, D.~McClung, D.~Weber, {S. E.} Webster, D.~Wyschogrod, { R. K.} Cunningham, and {M. A.} Zissman. \newblock Evaluating intrusion detection systems: The 1998 darpa off-line intrusion detection evaluation. \newblock In {\em Proceedings of the 2000 DARPA Information Survivability Conference and Exposition}. DARPA, 2000. \bibitem{lippmann99} {R. P.} Lippmann, {J. W.} Haines, {D. J.} Fried, J.~Korba, and K.~Das. \newblock The 1999 darpa off-line intrusion detection evaluation. \newblock Technical report, MIT Lincoln Lab, 2000. \bibitem{mahoney03} {M.V.} Mahoney and {P.K.} Chan. \newblock An analysis of the 1999 darpa/lincond laboratory evaluation data for network anomaly detection. \newblock In {\em Proc. Recent Advances in Intrusion Detection}, volume 2820 of {\em Lectures in CS}, pages 220--237. Springer Verlag, November 2003. \bibitem{maxion00} {R.A.} Maxion and {K.M.C.} Tan. \newblock Benchmarking anomaly-based detection systems. \newblock In {\em IEEE Proc Int. Conf on Dependable Systems and Networks}, pages 623--630, 2000. \bibitem{mchugh00} J.~McHugh. \newblock Testing intrusion detection systems: A critique of the 1998 and 1999 darpa off-line intrusion detection system evaluation as performed by lincoln laboratory. \newblock {\em ACM Transactions on Information and System Security}, 3(4), November 2000. \bibitem{micheals-boult-cvpr} R.~J. Micheals and T.~E. Boult. \newblock Efficient evaluation of classification and recognition systems. \newblock In {\em Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR 2001)}, Hawaii, December 11--13 2001. \bibitem{micheals-strat} {R. J.} Micheals and {T. E.} Boult. \newblock A stratified methodology for classifier and recognizer evaluation. \newblock In {\em IEEE Workshop on Emperical Evaluation Methods in Computer Vision}, Kauai, Hawaii, Dec 2001. IEEE. \bibitem{micheals03} {R. J.} Micheals, P.~Grother, and {P.J.} Phillips. \newblock The nist human id evaluation framework. \newblock In {\em Proc. of the 4th Int. Conference on Audio and Video-based Biometric Person Authentication}, June 2003. \newblock Availible from http://www.frvt.org/DLs/AVBPA-2003.pdf. \bibitem{micheals-thesis} {R.J.} Micheals. \newblock {\em Biometric systems evaluation}. \newblock PhD thesis, Lehigh University, 2003. \bibitem{micheals-urn-tr} {R.J.} Micheals and {T.E.} Boult. \newblock Is the urn well-mixed? \newblock Technical report, National Institute of Standards and Technology, Febuary 2004. \bibitem{mueller01} P.~Mueller and G.~Shipley. \newblock Dragon claws its way to the top. \newblock {\em Network Computing}, August 2001. \newblock http://www.networkcomputing.com/1217/1217f2.html. \bibitem{IDIP} Boeing Phantom~Works. Network Associates~Labs. \newblock Intrusion detection and isolation protocol, {IDIP}. \newblock Technical report, 2002. \bibitem{Ning01} P.~Ning, S.~Jajodia, and S.~Wang. \newblock Abstraction-based intrusion detection in distributed environments. \newblock {\em ACM Trans. on Information and System Security (TISSEC)}, 4:407--452, 2001. \bibitem{Perr02} A.~Perrig, R.~Szewczyk, J.D. Tygar, Victorwen, and D.~E. Culler. \newblock Spins: Security protocols for sensor networks. \newblock {\em Wireless Networks}, 8:521--534, 2002. \bibitem{frvt2002} { P.J.} Phillips, P.~Grother, {R. J.} Micheals, {D. M.} Blackburn, E.~Tabassi, and M.~Bone. \newblock Face recognition vendor test 2002. evaluation report. \newblock Technical Report IR 6965, National Institute of Standards and Technology, March 2003. \newblock www.itl.nist.gov/iad/894.03/face/face.html. \bibitem{feret} P.~J. Phillips, H.~Moon, S.~A. Rizvi, and P.~J. Rauss. \newblock The \hbox{FERET} evaluation methodology for face-recognition algorithms. \newblock {\em IEEE Transactions on Pattern Analysis and Machine Intelligence}, 22(10):1090--1104, October 2000. \bibitem{Porr97} P.~A. Porras and P.~G. Neumann. \newblock Emerald: event monitoring enabling responses to anomalous live disturbances. \newblock In {\em In 1997 National Information Systems Security Conference}, 1997. \bibitem{porras97:_emeral} {P. A.} Porras and {P. G.} Neumann. \newblock Emerald: Event monitoring enabling responses to anomalous live disturbances. \newblock In {\em Proceedings of the 20th NIS Security Conference}, October 1997. \bibitem{puketza97} N.~Puketza, M.~Chung, { R. A.} Olsson, and B.~Mukherjee. \newblock A software platform for testing intrusion detection systems. \newblock {\em IEEE Software}, pages 43--51, September/October 1997. \bibitem{puketza96} N.~J. Puketza, K.~Zhang, M.~Chung, B.~Mukherjee, and {R. A.} Olsson. \newblock A methodology for testing intrusion detection systems. \newblock {\em IEEE Transactions on Software Engineering}, 22(10), 1996. \bibitem{snort} M.~Roesch. \newblock Snort - lightweight intrusion detection for networks. \newblock In {\em USENIX 13th Systems Administration Conference - LISA '99}, Seattle, Washington, 1999. usenix. \newblock see also www.snort.org. \bibitem{lariat} { L.M.} Rossey, { R.K.} Cunningham, { D.J.} Fried, { J.C.} Rabek, { R.P.} Lippmann, { J.W.} Haines, and { M.A.} Zissman. \newblock Lariat: Lincoln adaptable real-time information assurance testbed. \newblock In {\em IEEE Proc. Aerospace Conference}, volume~6, pages 2671--2682, March 2002. \bibitem{shao_wu} J.~Shao and C.~F.~J. Wu. \newblock Asymptotic properties of the balanced repeated replication method for sample quantiles. \newblock {\em Annals of Statistics}, 20(3):1571--1593, September 1992. \bibitem{neophpsis-99b} G.~Shipley. \newblock Intrusion detection, take two. \newblock {\em Network Computing}, November 1999. \newblock http://www.networkcomputing.com/1023/1023f1.html. \bibitem{neophpsis-99a} G.~Shipley. \newblock Iss realsecure pushes past newer ids players. \newblock {\em Network Computing}, May 1999. \newblock http://www.networkcomputing.com/1010/1010r1.html. \bibitem{sitter} R.~R. Sitter. \newblock Balanced repeated replications based on orthogonal multi-arrays. \newblock {\em Biometrika}, 80(1):211--221, March 1993. \bibitem{Snap91} S.~Snapp, J.~Brentano, and G.~Dias. \newblock Dids (distributed intrusion detection system) motiva-tion, architecture, and an early prototype. \newblock In {\em In Proceedings of the 14th National Computer Security Conference}, 1991. \bibitem{anzen} D.~Song, G.~Shaffer, and M.~Undy. \newblock Nidsbench - a network intrusion detection test suite. \newblock In {\em Recent Advances in Intrusion Detection, Second International Workshop}, West Lafayette, 1999. \newblock http://www.raid-symposium.org/raid99/PAPERS/Song.pdf. \bibitem{Spaf00} E.~H. Spafford and D.~Zamboni. \newblock Intrusion detection using autonomous agents. \newblock {\em Computer Networks}, 34(4):547--570, 2000. \bibitem{sterne01} D.~Sterne, K.~Djahandari, B.~Wilson, B.~Babson, D.~Schnackenberg, H.~Holliday, and T.~Reid. \newblock Autonomic response to distributed denial of service attacks. \newblock In {\em Proc. International Symp on Rapid Advances in Intrusion Detection (RAID)}, Davis, CA, USA, October 2001. \bibitem{stolfo-00} S.~Stolfo, W.~Fan, W.~Lee, A.~Prodromidis, and P.~Chan. \newblock Cost-based modeling for fraud and intrusion detection: Results from the jam project. \newblock In {\em n Proceedings of the 2000 DARPA Information Survivability Conference and Exposition (DISCEX '00)}, 2000. \bibitem{toth-02} T.~Toth and C.~Kruegel. \newblock Evaluating the impact of automated intrusion response mechanisms. \newblock In {\em 18th Computer Security Applications Conference}, pages 301--310. IEEE, December 2002. \bibitem{Tsir01} A.~Tsirigos and Z.~J. Haas. \newblock Multiple path routing in the presence of frequent topologicalchanges. \newblock {\em IEEE Communication Magzine}, pages 132--139, 2001. \bibitem{Yava94} R.~Yavatkar and N.~Bhagawat. \newblock Improving end-to-end performance of {TCP} over mobile internetworks. \newblock In {\em Proc. IEEE Workshop on Mobile Computing Systems and Applications}, 1994. \bibitem{Zapa01} M.G. Zapata. \newblock Secure {Ad Hoc} on-demand distance vector {(SAODV)} routing. \newblock Technical report, http://www.ietf.org/internet-drafts/draft-guerrero-manet-saodv-00.txt, Internet Draft, 2001. \bibitem{Zhang03} Y.~Zhang, W.~Lee, and Y.~Huang. \newblock Intrusion detection techniques for mo-bile wireless networks. \newblock {\em Wireless Network}, 9:545--556, 2003. \bibitem{Zhou-ICWS04} X.~Zhou, Y.~Cai, G.~K. Godavari, and C.~E. Chow. \newblock An adaptive process allocation strategy for proportional responsiveness differentiation on {Web} servers. \newblock In {\em Proc. IEEE 2nd Int'l Conf. on Web Services (ICWS)}, July 2004. \bibitem{Zhou-ICDCS04} X.~Zhou, J.~Wei, and C.-Z. Xu. \newblock Modeling and analysis of {2D} service differentiation on {e-Commerce} servers. \newblock In {\em Proc. of IEEE 24th Int'l Conf. on Distributed Computing Systems (ICDCS)}, pages 740--747, {March} 2004. \bibitem{Zhou-IPDPS04} X.~Zhou, J.~Wei, and C.-Z. Xu. \newblock Processing rate allocation for proportional slowdown differentiation on {Internet} servers. \newblock In {\em Proc. IEEE 18th Int'l Parallel and Distributed Processing Symp. (IPDPS)}, pages 88--97, {April} 2004. \bibitem{Zhou-TPDS04} X.~Zhou and C.-Z. Xu. \newblock Harmonic proportional bandwidth allocation and scheduling for service differentiation on streaming servers. \newblock {\em IEEE Trans. on Parallel and Distributed Systems}, 15(9):835--848, 2004. \bibitem{Zhu01} H.~Zhu, H.~Tang, and T.~Yang. \newblock Demand-driven service differentiation for cluster-based network servers. \newblock In {\em Proc. IEEE INFOCOM}, pages 679--688, 2001. \end{thebibliography}