A study on detecting network anomalies using sampled flow statistics

Ryoichi Kawahara*, Tatsuya Mori, Noriaki Kamiyama, Shigeaki Harada, Shoichiro Asano

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

16 Citations (Scopus)

Abstract

We investigate how to detect network anomalies using flow statistics obtained through packet sampling. First, we show that network anomalies generating a huge number of small flows, such as network scans or SYN flooding, become difficult to detect when packet sampling is applied. This is because such flows are less likely to be sampled than normal flows. As a solution to this problem, we then show that spatially partitioning the monitored traffic into groups and analyzing the traffic of individual groups can increase the detectability of such anomalies. We also show the effectiveness of the partitioning method using network measurement data.

Original language: English
Title of host publication: 2007 International Symposium on Applications and the Internet - Workshops, SAINT-W
Publication status: Published - 2007 Dec 1
Externally published: Yes
Event: 2007 International Symposium on Applications and the Internet - Workshops, SAINT-W - Hiroshima, Japan
Duration: 2007 Jan 15 to 2007 Jan 19

Publication series

Name: SAINT - 2007 International Symposium on Applications and the Internet - Workshops, SAINT-W

Conference

Conference: 2007 International Symposium on Applications and the Internet - Workshops, SAINT-W
Country/Territory: Japan
City: Hiroshima
Period: 07/1/15 to 07/1/19

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Software
