Understanding and evaluating the impact of sampling on anomaly detection techniques

Authors:
Georgios Androulidakis;Vasilis Chatzigiannakis;Symeon Papavassiliou;Mary Grammatikou;Vasilis Maglaris
Affiliations:
Network Management & Optimal Design Lab, School of Electrical and Computer Engineering, National Technical University of Athens, Zografou, Athens, Greece;Network Management & Optimal Design Lab, School of Electrical and Computer Engineering, National Technical University of Athens, Zografou, Athens, Greece;Network Management & Optimal Design Lab, School of Electrical and Computer Engineering, National Technical University of Athens, Zografou, Athens, Greece;Network Management & Optimal Design Lab, School of Electrical and Computer Engineering, National Technical University of Athens, Zografou, Athens, Greece;Network Management & Optimal Design Lab, School of Electrical and Computer Engineering, National Technical University of Athens, Zografou, Athens, Greece
Venue:
MILCOM'06 Proceedings of the 2006 IEEE conference on Military communications
Year:
2006

Citing 8
Cited 3

Application of sampling methodologies to network traffic characterization

SIGCOMM '93 Conference proceedings on Communications architectures, protocols and applications
Multivariate Statistical Analysis of Audit Trails for Host-Based Intrusion Detection

IEEE Transactions on Computers
A signal analysis of network traffic anomalies

Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Information-Theoretic Measures for Anomaly Detection

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Inverting sampled traffic

Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
Building a better NetFlow

Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Change-Point Monitoring for the Detection of DoS Attacks

IEEE Transactions on Dependable and Secure Computing
Estimating flow distributions from sampled flow statistics

IEEE/ACM Transactions on Networking (TON)

Cusum techniques for timeslot sequences with applications to network surveillance

Computational Statistics & Data Analysis
On mitigating sampling-induced accuracy loss in traffic anomaly detection systems

ACM SIGCOMM Computer Communication Review
Analysis of the impact of sampling on NetFlow traffic classification

Computer Networks: The International Journal of Computer and Telecommunications Networking

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, the emphasis is placed on the evaluation of the impact of various packet sampling techniques that have been proposed in the PSAMP IETF draft, on two widely used anomaly detection approaches. More specifically, we evaluate the behavior of a sequential nonparametric change-point detection method and an algorithm based on Principal Component Analysis (PCA) with the use of different metrics, under different traffic and measurement sampling methodologies. One of the key objectives of our study is to gain some insight about the feasibility and scalability of the anomaly detection process, by analyzing and understanding the tradeoff of reducing the volume of collected data while still maintaining the accuracy and effectiveness in the anomaly detection