Optimizing flow sampling for network anomaly detection

Authors

BARTOŠ Karel REHÁK Martin KRMÍČEK Vojtěch

Year of publication 2011
Type Conference proceedings paper
Conference Wireless Communications and Mobile Computing Conference (IWCMC), 2011 7th International
Faculty / MU unit

Institute of Computer Science

Citation
DOI http://dx.doi.org/10.1109/IWCMC.2011.5982728
Field Computer science
Keywords NetFlow; Sampling methods; anomaly detection; network traffic
Description Sampling techniques are widely employed in high-speed network traffic monitoring to allow the analysis of high traffic volumes with limited resources. Sampling has a measurable negative impact on the accuracy of network anomaly detection methods. In our work, we build an integrated model which puts the sampling into the context of the anomaly detection used in the subsequent processing. Using this model, we show that it is possible to perform very efficient sampling with limited impact on traffic feature distributions, thus minimizing the decrease of anomaly detection efficiency. Specifically, we propose an adaptive, feature-aware statistical sampling technique and compare it both formally and empirically with other known sampling techniques: random flow sampling and selective sampling. We study the impact of these sampling techniques on particular anomaly detection methods used in a network behavior analysis system.
Related projects:
