HEAL DSpace

Two-stage selective sampling for anomaly detection: Analysis and evaluation

dc.contributor.author Androulidakis, G en
dc.contributor.author Papavassiliou, S en
dc.date.accessioned 2014-03-01T01:37:30Z
dc.date.available 2014-03-01T01:37:30Z
dc.date.issued 2011 en
dc.identifier.issn 1939-0114 en
dc.identifier.uri https://dspace.lib.ntua.gr/xmlui/handle/123456789/21530
dc.subject Anomaly detection en
dc.subject Entropy en
dc.subject Sampling en
dc.subject Traffic measurements en
dc.subject.other Analysis and evaluation en
dc.subject.other Anomaly detection en
dc.subject.other Anomaly detection methods en
dc.subject.other Biased approximation en
dc.subject.other Essential component en
dc.subject.other Internet traffic monitoring en
dc.subject.other Malicious traffic en
dc.subject.other Network anomaly detection en
dc.subject.other Performance evaluation en
dc.subject.other Sampled data en
dc.subject.other Sampling method en
dc.subject.other Selective sampling en
dc.subject.other Traffic measurements en
dc.subject.other Traffic traces en
dc.subject.other Two stage en
dc.subject.other Two stage samplings en
dc.subject.other University campus en
dc.subject.other Entropy en
dc.subject.other Trace analysis en
dc.title Two-stage selective sampling for anomaly detection: Analysis and evaluation en
heal.type journalArticle en
heal.identifier.primary 10.1002/sec.191 en
heal.identifier.secondary http://dx.doi.org/10.1002/sec.191 en
heal.language English en
heal.publicationDate 2011 en
heal.abstract Sampling has become an essential component of scalable Internet traffic monitoring and anomaly detection. This paper focuses on the analysis and evaluation of the impact of two-stage sampling (TSS) techniques on network anomaly detection. Exploiting the fact that sampled traffic is an incomplete and simultaneously biased approximation of the underlying traffic trace, we propose and analyze an enhanced two-stage selective sampling approach that adopts an intelligent flow-based sampling method focused on selecting small flows, which are usually the source of malicious traffic. The impact of TSS on the anomaly detection process is evaluated by applying an entropy-based anomaly detection method to a packet trace collected from a real operational university campus network. The results demonstrate that the proposed approach improves anomaly detection effectiveness while reducing the number of sampled data, and in most cases even outperforms the corresponding results of the unsampled case. Copyright © 2010 John Wiley & Sons, Ltd. This paper considers the problem of studying and improving network anomaly detection effectiveness and efficiency through the application of two-stage selective sampling. The evaluation of the proposed sampling method is based on a worm propagation scenario using an entropy-based anomaly detection method. Our experiments and results demonstrated that, contrary to all other management functions, appropriate and intelligent sampling may facilitate the anomaly detection process and in several cases achieve even better anomaly detection effectiveness than the unsampled case. © 2010 John Wiley & Sons, Ltd. en
heal.publisher WILEY-BLACKWELL en
heal.journalName Security and Communication Networks en
dc.identifier.doi 10.1002/sec.191 en
dc.identifier.isi ISI:000290782500002 en
dc.identifier.volume 4 en
dc.identifier.issue 6 en
dc.identifier.spage 608 en
dc.identifier.epage 621 en


Files in this item

Files Size Format View

There are no files associated with this item.
