R. Kawahara, Tatsuya Mori, N. Kamiyama, Shigeaki Harada, S. Asano
2007 International Symposium on Applications and the Internet Workshops. Published 2007-01-15. DOI: 10.1109/SAINT-W.2007.17 (https://doi.org/10.1109/SAINT-W.2007.17). Citation count: 19 (Semanticscholar).
A Study on Detecting Network Anomalies Using Sampled Flow Statistics
We investigate how to detect network anomalies using flow statistics obtained through packet sampling. First, we show that network anomalies generating a huge number of small flows, such as network scans or SYN flooding, become difficult to detect when we execute packet sampling. This is because such flows are less likely to be sampled than normal flows. As a solution to this problem, we then show that spatially partitioning the monitored traffic into groups and analyzing the traffic of individual groups can increase the detectability of such anomalies. We also show the effectiveness of the partitioning method using network measurement data.