Understanding and Evaluating the Impact of Sampling on Anomaly Detection Techniques

Author

Androulidakis, Georgios ; Chatzigiannakis, Vasilis ; Papavassiliou, Symeon ; Grammatikou, Mary ; Maglaris, Vasilis

Author_Institution

Sch. of Electr. & Comput. Eng., Nat. Tech. Univ. of Athens

fYear

2006

fDate

23-25 Oct. 2006

Firstpage

1

Lastpage

7

Abstract

In this paper, the emphasis is placed on the evaluation of the impact of various packet sampling techniques that have been proposed in the PSAMP IETF draft, on two widely used anomaly detection approaches. More specifically, we evaluate the behavior of a sequential nonparametric change-point detection method and an algorithm based on principal component analysis (PCA) with the use of different metrics, under different traffic and measurement sampling methodologies. One of the key objectives of our study is to gain some insight about the feasibility and scalability of the anomaly detection process, by analyzing and understanding the tradeoff of reducing the volume of collected data while still maintaining the accuracy and effectiveness in the anomaly detection

Keywords

Internet; computer network reliability; principal component analysis; sampling methods; telecommunication traffic; Internet; PCA; PSAMP IETF draft; anomaly detection approach; packet sampling technique; principal component analysis; sequential nonparametric change-point detection method; Computer network management; Computer networks; Design engineering; Engineering management; IP networks; Monitoring; Principal component analysis; Sampling methods; Scalability; Telecommunication traffic;

fLanguage

English

Publisher

ieee

Conference_Titel

Military Communications Conference, 2006. MILCOM 2006. IEEE

Conference_Location

Washington, DC

Print_ISBN

1-4244-0617-X

Electronic_ISBN

1-4244-0618-8

Type

conf

DOI

10.1109/MILCOM.2006.302407

Filename

4086338