A Hybrid Sampling Approach for Network Flow Monitoring

Author

Cheng, Guang ; Gong, Jian ; Tang, Yongning

Author_Institution

Southeast Univ., Nanjing

fYear

2007

fDate

Yearly 21 2007-May 21 2007

Firstpage

1

Lastpage

7

Abstract

Online flow distribution monitoring is critical in intrusion detection. However, high-speed traffic monitoring is significantly challenging for a monitoring system with limited resources (e.g., memory and processing cycles). Flow and packet sampling techniques are commonly adopted to tackle this problem. Flew sampling can reduce the variance of the estimators in short flows; However, it increases the estimated error for the heavy-tailed flow. On the other hand, passive sampling presents an opposite results. In this paper, we propose a novel flow sampling approach by taking advantage of both packet and flow sampling techniques. An effective flow estimator is also introduced to estimate flow distributions. Extensive simulations are conducted with real traffic data from CERMET backbone network traffic traces to evaluate the system performance and compare it with other traffic sampling approaches.

Keywords

sampling methods; telecommunication congestion control; telecommunication network management; telecommunication security; telecommunication traffic; CERMET backbone network traffic; flow estimator; flow sampling techniques; hybrid sampling approach; network flow monitoring; packet sampling techniques; traffic sampling approaches; Computer science; Computerized monitoring; Educational institutions; Information systems; Intrusion detection; Probability; Sampling methods; Spine; Telecommunication traffic; Traffic control; Flow Distributions; Flow Sampling; Hybrid Sampling; Packet Sampling;

fLanguage

English

Publisher

ieee

Conference_Titel

End-to-End Monitoring Techniques and Services, 2007. E2EMON '07. Workshop on

Conference_Location

Munich

Print_ISBN

1-4244-1289-7

Type

conf

DOI

10.1109/E2EMON.2007.375315

Filename

4261336