Towards Efficient Flow Sampling Technique for Anomaly Detection

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F12%3A00191018" target="_blank" >RIV/68407700:21230/12:00191018 - isvavai.cz</a>

Výsledek na webu

<a href="http://www.springerlink.com/content/aht28428hmm47366/fulltext.pdf" target="_blank" >http://www.springerlink.com/content/aht28428hmm47366/fulltext.pdf</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1007/978-3-642-28534-9_11" target="_blank" >10.1007/978-3-642-28534-9_11</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Towards Efficient Flow Sampling Technique for Anomaly Detection

Popis výsledku v původním jazyce

With increasing amount of network traffic, sampling techniques have become widely employed allowing monitoring and analysis of high-speed network links. Despite of all benefits, sampling methods negatively influence the accuracy of anomaly detection techniques and other subsequent processing. In this paper, we present an adaptive, feature-aware sampling technique that reduces the loss of information bounded with the sampling process, thus minimizing the decrease of anomaly detection efficiency. To verify the optimality of our proposed technique, we build a model of the ideal sampling algorithm and define general metrics allowing us to compute the distortion of traffic feature distribution for various types of sampling algorithms. We compare our technique with random flow sampling and reveal their impact on several anomaly detection methods by using real network traffic data. The presented ideas can be applied on high-speed network links to refine the input data by suppressing highly-re

Název v anglickém jazyce

Towards Efficient Flow Sampling Technique for Anomaly Detection

Popis výsledku anglicky

With increasing amount of network traffic, sampling techniques have become widely employed allowing monitoring and analysis of high-speed network links. Despite of all benefits, sampling methods negatively influence the accuracy of anomaly detection techniques and other subsequent processing. In this paper, we present an adaptive, feature-aware sampling technique that reduces the loss of information bounded with the sampling process, thus minimizing the decrease of anomaly detection efficiency. To verify the optimality of our proposed technique, we build a model of the ideal sampling algorithm and define general metrics allowing us to compute the distortion of traffic feature distribution for various types of sampling algorithms. We compare our technique with random flow sampling and reveal their impact on several anomaly detection methods by using real network traffic data. The presented ideas can be applied on high-speed network links to refine the input data by suppressing highly-re

Druh

D - Stať ve sborníku

CEP obor

JC - Počítačový hardware a software

OECD FORD obor

—

Projekt

Výsledek vznikl pri realizaci vícero projektů. Více informací v záložce Projekty.

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2012

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Traffic Monitoring and Analysis

ISBN

978-3-642-28533-2

ISSN

0302-9743

e-ISSN

—

Počet stran výsledku

14

Strana od-do

93-106

Název nakladatele

Springer-Verlag

Místo vydání

Berlin

Místo konání akce

Vienna

Datum konání akce

12. 3. 2012

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—