Critical infrastructure protection: Resource efficient sampling to improve detection of less frequent patterns in network traffic

Authors:
Abdun Naser Mahmood;Jiankun Hu;Zahir Tari;Christopher Leckie
Affiliations:
School of Computer Science and IT, RMIT University, Australia;School of Computer Science and IT, RMIT University, Australia;School of Computer Science and IT, RMIT University, Australia;Department of Computer Science and Software Engineering, Melbourne University, Australia
Venue:
Journal of Network and Computer Applications
Year:
2010

Citing 22
Cited 4

A general lower bound on the number of examples needed for learning

Information and Computation
Application of sampling methodologies to network traffic characterization

SIGCOMM '93 Conference proceedings on Communications architectures, protocols and applications
CURE: an efficient clustering algorithm for large databases

SIGMOD '98 Proceedings of the 1998 ACM SIGMOD international conference on Management of data
New sampling-based summary statistics for improving approximate query answers

SIGMOD '98 Proceedings of the 1998 ACM SIGMOD international conference on Management of data
Density biased sampling: an improved method for data mining and clustering

SIGMOD '00 Proceedings of the 2000 ACM SIGMOD international conference on Management of data
Trajectory sampling for direct traffic observation

Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Sampling algorithms: lower bounds and applications

STOC '01 Proceedings of the thirty-third annual ACM symposium on Theory of computing
Deriving traffic demands for operational IP networks: methodology and experience

IEEE/ACM Transactions on Networking (TON)
Charging from sampled network usage

IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
An Efficient Approximation Scheme for Data Mining Tasks

Proceedings of the 17th International Conference on Data Engineering
New directions in traffic measurement and accounting: Focusing on the elephants, ignoring the mice

ACM Transactions on Computer Systems (TOCS)
Automatically inferring patterns of resource consumption in network traffic

Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Profiling internet backbone traffic: behavior models and applications

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
On compressing frequent patterns

Data & Knowledge Engineering
Reducing unwanted traffic in a backbone network

SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
Finding hierarchical heavy hitters in data streams

VLDB '03 Proceedings of the 29th international conference on Very large data bases - Volume 29
An Efficient Clustering Scheme to Exploit Hierarchical Data in Network Traffic Analysis

IEEE Transactions on Knowledge and Data Engineering
Spam filtering for network traffic security on a multi-core environment

Concurrency and Computation: Practice & Experience - Multi-core Supported Network and System Security
A program-based anomaly intrusion detection scheme using multiple detection engines and fuzzy inference

Journal of Network and Computer Applications
Building a SCADA Security Testbed

NSS '09 Proceedings of the 2009 Third International Conference on Network and System Security
PISA: automatic extraction of traffic signatures

NETWORKING'05 Proceedings of the 4th IFIP-TC6 international conference on Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communication Systems
Enhancing network intrusion detection with integrated sampling and filtering

RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection

Generating regular expression signatures for network traffic classification in trusted network management

Journal of Network and Computer Applications
A structural approach for modelling the hierarchical dynamic process of Web workload in a large-scale campus network

Journal of Network and Computer Applications
New class-dependent feature transformation for intrusion detection systems

Security and Communication Networks
A multiadaptive sampling technique for cost-effective network measurements

Computer Networks: The International Journal of Computer and Telecommunications Networking

Quantified Score

Hi-index	0.00

Visualization

Abstract

Networked critical infrastructures are of national importance. However, such infrastructures are running 24/7. The supervisory control and data acquisition system (SCADA) of the critical infrastructure will generate enormous network traffic continuously. It is vital in such environments that only useful data are stored while redundant data are discarded to reduce the huge data storage demand. However it is technically challenging to reduce the demand on data storage while losing little information. In this paper, a resource conserving sampling technique is proposed to improve detection of less frequent patterns from huge network traffic under the fixed data storage capacity of the system. Such less frequent patterns are often related to subtle network intrusion activities. Experiments using the 1998 DARPA intrusion Detection Dataset have validated the effectiveness of the proposed scheme.