Title :
A Hybrid Sampling Approach for Network Flow Monitoring
Author :
Cheng, Guang ; Gong, Jian ; Tang, Yongning
Author_Institution :
Southeast Univ., Nanjing
fDate :
Yearly 21 2007-May 21 2007
Abstract :
Online flow distribution monitoring is critical in intrusion detection. However, high-speed traffic monitoring is significantly challenging for a monitoring system with limited resources (e.g., memory and processing cycles). Flow and packet sampling techniques are commonly adopted to tackle this problem. Flew sampling can reduce the variance of the estimators in short flows; However, it increases the estimated error for the heavy-tailed flow. On the other hand, passive sampling presents an opposite results. In this paper, we propose a novel flow sampling approach by taking advantage of both packet and flow sampling techniques. An effective flow estimator is also introduced to estimate flow distributions. Extensive simulations are conducted with real traffic data from CERMET backbone network traffic traces to evaluate the system performance and compare it with other traffic sampling approaches.
Keywords :
sampling methods; telecommunication congestion control; telecommunication network management; telecommunication security; telecommunication traffic; CERMET backbone network traffic; flow estimator; flow sampling techniques; hybrid sampling approach; network flow monitoring; packet sampling techniques; traffic sampling approaches; Computer science; Computerized monitoring; Educational institutions; Information systems; Intrusion detection; Probability; Sampling methods; Spine; Telecommunication traffic; Traffic control; Flow Distributions; Flow Sampling; Hybrid Sampling; Packet Sampling;
Conference_Titel :
End-to-End Monitoring Techniques and Services, 2007. E2EMON '07. Workshop on
Conference_Location :
Munich
Print_ISBN :
1-4244-1289-7
DOI :
10.1109/E2EMON.2007.375315
