This article evaluates the impact of intelligent flow sampling techniques on the detection and classification of network anomalies. Based on the observation that, for specific-purpose applications such as anomaly detection, a large fraction of the information is contained in a small fraction of flows, we demonstrate that sampling techniques that opportunistically and preferentially sample traffic data achieve a "magnification" of the appearance of anomalies within the sampled data set and therefore improve their detection. The inherently "lossy" sampling process is thus transformed into an advantageous feature for anomaly detection: it reveals anomalies that would otherwise be untraceable and becomes the vehicle for efficient anomaly detection and classification. The evaluation of the impact of intelligent sampling techniques on the anomaly detection process is based on applying an entropy-based anomaly detection method to a packet trace collected from a real operational university campus network.