This paper evaluates the impact of various packet sampling techniques proposed in the PSAMP IETF draft on two widely used anomaly detection approaches. More specifically, we evaluate the behavior of a sequential nonparametric change-point detection method and of an algorithm based on Principal Component Analysis (PCA), using different metrics, under different traffic and measurement sampling methodologies. One of the key objectives of our study is to gain insight into the feasibility and scalability of the anomaly detection process by analyzing the tradeoff of reducing the volume of collected data while still maintaining the accuracy and effectiveness in the anomaly detection