An Adaptive Traffic Sampling Method for Anomaly Detection
Authors: Xiaobing He, Wu Yang, Qing Wang
Published in: 2009 Fourth International Conference on Internet Computing for Science and Engineering
Publication date: 2009-12-21
DOI: 10.1109/ICICSE.2009.32 (https://doi.org/10.1109/ICICSE.2009.32)
Citation count: 2 (source: Semanticscholar)
Random packet sampling is the simplest method for reducing the number of packets that a network monitoring system has to process. However, it degrades the accuracy of anomaly detection because it is biased toward large IP flows. To reduce the impact of sampled traffic on network anomaly detection, an adaptive traffic sampling method based on time stratification is proposed. The method divides time into strata and then samples each incoming packet with a probability that is a decreasing function f of the predicted size of the flow the packet belongs to. Instead of data streaming algorithms, we use packet samples and a sampling probability to estimate flow size, which saves resources. Force sampling is also employed to increase the accuracy of the estimates for smaller flows. Experimental results show that our scheme is more accurate than traditional random packet sampling for estimating anomalous traffic, and thus improves anomaly detection performance.