Title :
Reduction of traffic sampling impact on anomaly detection
Author :
Pan, Qiao ; Yong-feng, Huang ; Pei-feng, Zeng
Author_Institution :
Sch. of Comput. Sci. & Technol., Donghua Univ., Shanghai, China
Abstract :
Network anomaly is detected by identifying possible abnormal behaviors in network traffic. Due to the applications of High-speed Networks, sampling data of network traffic have been adopted extensively as the data source of anomaly detection. Sampling is an approximate method of measurement, and the sampling data must have certain deviation on distribution of total traffic, which can definitely affect the anomaly detection. Based on an analysis of the impact of random packet sampling data on anomaly detection, an IP flow-based sampling measurement method with a variable sampling rate on network traffic is proposed in this paper. The method reduces the impact of sampling data on anomaly detection and improves the accuracy of such data applied for anomaly detection.
Keywords :
IP networks; approximation theory; data mining; telecommunication traffic; IP flow-based sampling measurement method; approximate method; data source; high-speed networks; network anomaly detection; network traffic sampling data; random packet sampling data; traffic sampling reduction; Accuracy; Fluid flow measurement; IP networks; Radiation detectors; Sampling methods; Telecommunication traffic; Anomaly Detection; High-speed Networks; IP Flow; Network Traffic; Sampling;
Conference_Titel :
Computer Science & Education (ICCSE), 2012 7th International Conference on
Conference_Location :
Melbourne, VIC
Print_ISBN :
978-1-4673-0241-8
DOI :
10.1109/ICCSE.2012.6295109
