DocumentCode
2500296
Title
Intelligent Flow-Based Sampling for Effective Network Anomaly Detection
Author
Androulidakis, G. ; Papavassiliou, S.
Author_Institution
Nat. Tech. Univ. of Athens, Athens
fYear
2007
fDate
26-30 Nov. 2007
Firstpage
1948
Lastpage
1953
Abstract
Sampling has become an essential component of scalable Internet traffic monitoring and anomaly detection. In this paper, the emphasis is placed on the evaluation of the impact of using intelligent flow sampling techniques on the anomaly detection process. Based on the observation that small flows are usually the source of many network attacks (DDoS, portscans, worm propagation), we first introduce a new flow sampling methodology that focuses on the selection of small flows and improves anomaly detection effectiveness, while at the same time reducing the number of selected flows. The performance evaluation of the impact of intelligent flow-based sampling on the anomaly detection process is achieved through the adoption and application of a sequential non-parametric Change-Point Detection anomaly detection method on realistic data that have been collected from a real operational university campus network.
Keywords
Internet; sampling methods; security of data; telecommunication security; telecommunication traffic; Internet traffic monitoring; intelligent flow sampling; network anomaly detection; performance evaluation; sequential non-parametric change-point detection; Computer network management; Computer networks; Design engineering; Engineering management; Fault detection; IP networks; Intelligent networks; Laboratories; Sampling methods; Telecommunication traffic;
fLanguage
English
Publisher
IEEE
Conference_Titel
Global Telecommunications Conference, 2007. GLOBECOM '07. IEEE
Conference_Location
Washington, DC
Print_ISBN
978-1-4244-1042-2
Electronic_ISBN
978-1-4244-1043-9
Type
conf
DOI
10.1109/GLOCOM.2007.374
Filename
4411284