DocumentCode :
3425034
Title :
A Study on Detecting Network Anomalies Using Sampled Flow Statistics
Author :
Kawahara, Ryoichi ; Mori, Tatsuya ; Kamiyama, Noriaki ; Harada, Shigeaki ; Asano, Shoichiro
Author_Institution :
NTT Service Integration Labs., NTT Corp., Tokyo
fYear :
2007
fDate :
Jan. 2007
Firstpage :
81
Lastpage :
81
Abstract :
We investigate how to detect network anomalies using flow statistics obtained through packet sampling. First, we show that network anomalies generating a huge number of small flows, such as network scans or SYN flooding, become difficult to detect when we execute packet sampling. This is because such flows are more unlikely to be sampled than normal flows. As a solution to this problem, we then show that spatially partitioning the monitored traffic into groups and analyzing the traffic of individual groups can increase the detectability of such anomalies. We also show the effectiveness of the partitioning method using network measurement data.
Keywords :
Internet; sampling methods; telecommunication security; telecommunication traffic; SYN flooding; flow statistics; network anomaly detection; network scan; packet sampling; Fluid flow measurement; IP networks; Monitoring; Power measurement; Probability; Sampling methods; Statistical analysis; Statistics; Telecommunication traffic; Velocity measurement;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Applications and the Internet Workshops, 2007. SAINT Workshops 2007. International Symposium on
Conference_Location :
Hiroshima
Print_ISBN :
0-7695-2757-4
Electronic_ISBN :
0-7695-2757-4
Type :
conf
DOI :
10.1109/SAINT-W.2007.17
Filename :
4090152