Network anomaly detection and classification via opportunistic sampling

Androulidakis, G; Chatzigiannakis, V; Papavassiliou, S

dc.contributor.author	Androulidakis, G	en
dc.contributor.author	Chatzigiannakis, V	en
dc.contributor.author	Papavassiliou, S	en
dc.date.accessioned	2014-03-01T01:31:17Z
dc.date.available	2014-03-01T01:31:17Z
dc.date.issued	2009	en
dc.identifier.issn	0890-8044	en
dc.identifier.uri	https://dspace.lib.ntua.gr/xmlui/handle/123456789/19774
dc.subject	Data mining	en
dc.subject	Entropy	en
dc.subject	Grippers	en
dc.subject	IP networks	en
dc.subject	Probability density function	en
dc.subject	Sampling methods	en
dc.subject	Web server	en
dc.subject.classification	Computer Science, Hardware & Architecture	en
dc.subject.classification	Computer Science, Information Systems	en
dc.subject.classification	Engineering, Electrical & Electronic	en
dc.subject.classification	Telecommunications	en
dc.subject.other	Anomaly detection methods	en
dc.subject.other	Anomaly detections	en
dc.subject.other	IP networks	en
dc.subject.other	Network anomalies	en
dc.subject.other	Network anomaly detections	en
dc.subject.other	Sampled datum	en
dc.subject.other	Sampling methods	en
dc.subject.other	Sampling process	en
dc.subject.other	Sampling techniques	en
dc.subject.other	Traffic datum	en
dc.subject.other	University campus	en
dc.subject.other	Web server	en
dc.subject.other	Entropy	en
dc.subject.other	Grippers	en
dc.subject.other	Information management	en
dc.subject.other	Internet protocols	en
dc.subject.other	Web services	en
dc.subject.other	Probability density function	en
dc.title	Network anomaly detection and classification via opportunistic sampling	en
heal.type	journalArticle	en
heal.identifier.primary	10.1109/MNET.2009.4804318	en
heal.identifier.secondary	http://dx.doi.org/10.1109/MNET.2009.4804318	en
heal.language	English	en
heal.publicationDate	2009	en
heal.abstract	In this article the emphasis is placed on the evaluation of the impact of intelligent flow sampling techniques on the detection and classification of network anomalies. Based on the observation that for specific-purpose applications such as anomaly detection a large fraction of information is contained in a small fraction of flows, we demonstrate that by using sampling techniques that opportunistically and preferentially sample traffic data, we achieve-magnification-of the appearance of anomalies within the sampled data set and therefore improve their detection. Therefore, the inherently-lossy-sampling process is transformed to an advantageous feature in the anomaly detection case, allowing the revealing of anomalies that would be otherwise untraceable, and thus becoming the vehicle for efficient anomaly detection and classification. The evaluation of the impact of intelligent sampling techniques on the anomaly detection process is based on the application of an entropy-based anomaly detection method on a packet trace with data that has been collected from a real operational university campus network. © 2009 IEEE.	en
heal.publisher	IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC	en
heal.journalName	IEEE Network	en
dc.identifier.doi	10.1109/MNET.2009.4804318	en
dc.identifier.isi	ISI:000263161900003	en
dc.identifier.volume	23	en
dc.identifier.issue	1	en
dc.identifier.spage	6	en
dc.identifier.epage	12	en