A study on detecting network anomalies using sampled flow statistics

Ryoichi Kawahara*, Tatsuya Mori, Noriaki Kamiyama, Shigeaki Harada, Shoichiro Asano

*Corresponding author for this work

Research output: Conference contribution

16 Citations (Scopus)

Abstract

We investigate how to detect network anomalies using flow statistics obtained through packet sampling. First, we show that network anomalies generating a huge number of small flows, such as network scans or SYN flooding, become difficult to detect when we execute packet sampling. This is because such flows are less likely to be sampled than normal flows. As a solution to this problem, we then show that spatially partitioning the monitored traffic into groups and analyzing the traffic of individual groups can increase the detectability of such anomalies. We also show the effectiveness of the partitioning method using network measurement data.

Original language: English
Title of host publication: 2007 International Symposium on Applications and the Internet - Workshops, SAINT-W
DOI
Publication status: Published - 2007 Dec 1
Externally published: Yes
Event: 2007 International Symposium on Applications and the Internet - Workshops, SAINT-W - Hiroshima, Japan
Duration: 2007 Jan 15 - 2007 Jan 19

Publication series

Name: SAINT - 2007 International Symposium on Applications and the Internet - Workshops, SAINT-W

Conference

Conference: 2007 International Symposium on Applications and the Internet - Workshops, SAINT-W
Country/Territory: Japan
City: Hiroshima
Period: 07/1/15 - 07/1/19

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Software
