Detection accuracy of network anomalies using sampled flow statistics

Ryoichi Kawahara, Keisuke Ishibashi, Tatsuya Mori, Noriaki Kamiyama, Shigeaki Harada, Shoichiro Asano

Research output: Conference contribution

7 Citations (Scopus)

Abstract

We investigate the detection accuracy of network anomalies when we use flow statistics obtained through packet sampling. We have already shown, through a case study based on measurement data, that network anomalies generating a huge number of small flows, such as network scans or SYN flooding, become hard to detect when we perform packet sampling. In this paper, we first develop an analytical model that enables us to quantitatively evaluate the effect of packet sampling on the detection accuracy and then investigate why detection accuracy worsens when the packet sampling rate decreases. In addition, we show that, even with a low sampling rate, spatially partitioning the monitored traffic into groups makes it possible to increase the detection accuracy. We also develop a method of determining an appropriate number of partitioned groups and show its effectiveness.

Original language: English
Title of host publication: IEEE GLOBECOM 2007 - 2007 IEEE Global Telecommunications Conference, Proceedings
Pages: 1959-1964
Number of pages: 6
DOI: https://doi.org/10.1109/GLOCOM.2007.376
Publication status: Published - 2007/12/1
Event: 50th Annual IEEE Global Telecommunications Conference, GLOBECOM 2007 - Washington, DC, United States
Duration: 2007/11/26 → 2007/11/30

Publication series

Name: GLOBECOM - IEEE Global Telecommunications Conference

Conference

Conference: 50th Annual IEEE Global Telecommunications Conference, GLOBECOM 2007
United States
Washington, DC
Period: 07/11/26 → 07/11/30

ASJC Scopus subject areas

  • Engineering(all)

Cite this

Kawahara, R., Ishibashi, K., Mori, T., Kamiyama, N., Harada, S., & Asano, S. (2007). Detection accuracy of network anomalies using sampled flow statistics. In IEEE GLOBECOM 2007 - 2007 IEEE Global Telecommunications Conference, Proceedings (pp. 1959-1964). [4411286] (GLOBECOM - IEEE Global Telecommunications Conference). https://doi.org/10.1109/GLOCOM.2007.376