Title :
Using Selective Sampling for the Support of Scalable and Efficient Network Anomaly Detection
Author :
Androulidakis, G. ; Chatzigiannakis, V. ; Papavassiliou, S.
Author_Institution :
Sch. of Electr. & Comput. Eng., Nat. Tech. Univ. of Athens (NTUA), Athens
Abstract :
Sampling has become an essential component of scalable Internet traffic monitoring and anomaly detection. In this paper we consider the problem of studying and evaluating the impact of selective sampling on anomaly detection. Selective sampling focuses on the selection of small flows that are usually the source of many network attacks (DDoS, portscans, worm propagation). One of the key objectives of our study is to gain some insight about the feasibility and scalability of the anomaly detection process, by analyzing and understanding the tradeoff of reducing the volume of collected data while still maintaining the accuracy and effectiveness in the anomaly detection. The performance evaluation study is achieved through the adoption and application of an anomaly detection method based on principal component analysis (PCA) using realistic data that have been collected from a real operational university campus network.
Keywords :
Internet; principal component analysis; telecommunication security; telecommunication traffic; network anomaly detection; network attacks; principal component analysis; scalable Internet traffic monitoring; selective sampling; Computer network management; Computer networks; Design engineering; Engineering management; IP networks; Laboratories; Principal component analysis; Sampling methods; Statistics; Telecommunication traffic; Anomaly Detection; Principal Component Analysis; Selective Sampling; Traffic Measurements;
Conference_Titel :
Globecom Workshops, 2007 IEEE
Conference_Location :
Washington, DC
Print_ISBN :
978-1-4244-2024-7
DOI :
10.1109/GLOCOMW.2007.4437785
