DocumentCode
2854725
Title
Using Selective Sampling for the Support of Scalable and Efficient Network Anomaly Detection
Author
Androulidakis, G. ; Chatzigiannakis, V. ; Papavassiliou, S.
Author_Institution
Sch. of Electr. & Comput. Eng., Nat. Tech. Univ. of Athens (NTUA), Athens
fYear
2007
fDate
26-30 Nov. 2007
Firstpage
1
Lastpage
5
Abstract
Sampling has become an essential component of scalable Internet traffic monitoring and anomaly detection. In this paper we consider the problem of studying and evaluating the impact of selective sampling on anomaly detection. Selective sampling focuses on the selection of small flows that are usually the source of many network attacks (DDoS, portscans, worm propagation). One of the key objectives of our study is to gain some insight about the feasibility and scalability of the anomaly detection process, by analyzing and understanding the tradeoff of reducing the volume of collected data while still maintaining the accuracy and effectiveness in the anomaly detection. The performance evaluation study is achieved through the adoption and application of an anomaly detection method based on principal component analysis (PCA) using realistic data that have been collected from a real operational university campus network.
Keywords
Internet; principal component analysis; telecommunication security; telecommunication traffic; network anomaly detection; network attacks; principal component analysis; scalable Internet traffic monitoring; selective sampling; Computer network management; Computer networks; Design engineering; Engineering management; IP networks; Laboratories; Principal component analysis; Sampling methods; Statistics; Telecommunication traffic; Anomaly Detection; Principal Component Analysis; Selective Sampling; Traffic Measurements;
fLanguage
English
Publisher
ieee
Conference_Titel
Globecom Workshops, 2007 IEEE
Conference_Location
Washington, DC
Print_ISBN
978-1-4244-2024-7
Type
conf
DOI
10.1109/GLOCOMW.2007.4437785
Filename
4437785