A study on detecting network anomalies using sampled flow statistics

Ryoichi Kawahara, Tatsuya Mori, Noriaki Kamiyama, Shigeaki Harada, Shoichiro Asano

Research output: Chapter in Book/Report/Conference proceedingConference contribution

14 Citations (Scopus)

Abstract

We investigate how to detect network anomalies using flow statistics obtained through packet sampling. First, we show that network anomalies generating a huge number of small flows, such as network scans or SYN flooding, become difficult to detect when we execute packet sampling. This is because such flows are more unlikely to be sampled than normal flows. As a solution to this problem, we then show that spatially partitioning the monitored traffic into groups and analyzing the traffic of individual groups can increase the detectability of such anomalies: We also show the effectiveness of the partitioning method using network measurement data.

Original languageEnglish
Title of host publication2007 International Symposium on Applications and the Internet - Workshops, SAINT-W
DOIs
Publication statusPublished - 2007 Dec 1
Externally publishedYes
Event2007 International Symposium on Applications and the Internet - Workshops, SAINT-W - Hiroshima, Japan
Duration: 2007 Jan 152007 Jan 19

Publication series

NameSAINT - 2007 International Symposium on Applications and the Internet - Workshops, SAINT-W

Conference

Conference2007 International Symposium on Applications and the Internet - Workshops, SAINT-W
CountryJapan
CityHiroshima
Period07/1/1507/1/19

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Software

Fingerprint Dive into the research topics of 'A study on detecting network anomalies using sampled flow statistics'. Together they form a unique fingerprint.

  • Cite this

    Kawahara, R., Mori, T., Kamiyama, N., Harada, S., & Asano, S. (2007). A study on detecting network anomalies using sampled flow statistics. In 2007 International Symposium on Applications and the Internet - Workshops, SAINT-W [4090152] (SAINT - 2007 International Symposium on Applications and the Internet - Workshops, SAINT-W). https://doi.org/10.1109/SAINT-W.2007.17