{"title":"An Adaptive Traffic Sampling Method for Anomaly Detection","authors":"Xiaobing He, Wu Yang, Qing Wang","doi":"10.1109/ICICSE.2009.32","DOIUrl":null,"url":null,"abstract":"The random packet sampling method is the simplest methodology for reducing the amount of packets that the network monitoring system has to process. However, the accuracy of anomaly detection is affected by the fact that this method biases a large IP flow. In order to reduce the impact of sampled traffic on network anomaly detecting, an adaptive traffic sampling method is proposed. This method is developed based on time stratification. Our adaptive method lies in an innovative scheme. It divides time into strata and then samples an incoming packet with a probability, which is a decreasing function f of the predicted size of the flow the packet belongs to. Instead of data streaming algorithms, we use packet samples and a sampling probability to estimate flow size, thus to save resources. A force sampling is also employed to increase the accuracy of estimation of smaller flows. 
Experimental results show that our scheme is more accurate than traditional random packet sampling for estimating anomalous traffic, thus the performance of anomalous detecting is improved.","PeriodicalId":193621,"journal":{"name":"2009 Fourth International Conference on Internet Computing for Science and Engineering","volume":"341 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-12-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 Fourth International Conference on Internet Computing for Science and Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICICSE.2009.32","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 2
Abstract
The random packet sampling method is the simplest methodology for reducing the amount of packets that the network monitoring system has to process. However, the accuracy of anomaly detection is affected by the fact that this method biases a large IP flow. In order to reduce the impact of sampled traffic on network anomaly detecting, an adaptive traffic sampling method is proposed. This method is developed based on time stratification. Our adaptive method lies in an innovative scheme. It divides time into strata and then samples an incoming packet with a probability, which is a decreasing function f of the predicted size of the flow the packet belongs to. Instead of data streaming algorithms, we use packet samples and a sampling probability to estimate flow size, thus to save resources. A force sampling is also employed to increase the accuracy of estimation of smaller flows. Experimental results show that our scheme is more accurate than traditional random packet sampling for estimating anomalous traffic, thus the performance of anomalous detecting is improved.