Title
Towards efficient flow sampling technique for anomaly detection
Abstract
With the increasing amount of network traffic, sampling techniques have become widely employed, allowing monitoring and analysis of high-speed network links. Despite all their benefits, sampling methods negatively influence the accuracy of anomaly detection techniques and other subsequent processing. In this paper, we present an adaptive, feature-aware sampling technique that reduces the loss of information associated with the sampling process, thus minimizing the decrease of anomaly detection efficiency. To verify the optimality of our proposed technique, we build a model of the ideal sampling algorithm and define general metrics allowing us to compute the distortion of traffic feature distribution for various types of sampling algorithms. We compare our technique with random flow sampling and reveal their impact on several anomaly detection methods by using real network traffic data. The presented ideas can be applied to high-speed network links to refine the input data by suppressing highly redundant information.
Year
2012
DOI
10.1007/978-3-642-28534-9_11
Venue
TMA
Keywords
anomaly detection, sampling technique, sampling process, feature-aware sampling technique, sampling method, random flow sampling, towards efficient flow, network traffic, sampling algorithm, real network traffic data, high-speed network link, ideal sampling algorithm, intrusion detection, netflow, sampling
Field
Data mining, Anomaly detection, Computer science, NetFlow, Flow (psychology), Real-time computing, Sampling (statistics), Distortion, Intrusion detection system, Gibbs sampling, Bounded function
DocType
Conference
Citations
4
PageRank
0.43
References
15
Authors
2
Name
Order
Citations
PageRank
Karel Bartos111012.60
Martin Rehak225128.57