Volume 37 Issue 7
Jul.  2015
Yi Peng, Qian Kun, Huang Wan-wei, Wang Jing, Zhang Zhen. Adaptive Flow Sampling Algorithm Based on Sampled Packets and Force Sampling Threshold S Towards Anomaly Detection[J]. Journal of Electronics & Information Technology, 2015, 37(7): 1606-1611. doi: 10.11999/JEIT141379

Adaptive Flow Sampling Algorithm Based on Sampled Packets and Force Sampling Threshold S Towards Anomaly Detection

doi: 10.11999/JEIT141379
  • Received Date: 2014-10-29
  • Rev Recd Date: 2015-01-13
  • Publish Date: 2015-07-19
  • Network traffic measurement and anomaly detection for high-speed IP networks have become a research hotspot in the network measurement field. Because current measurement algorithms have large estimation errors for mice flows and perform poorly when sampling anomalous traffic, an Adaptive Flow sampling algorithm based on the sampled Packets and force sampling Threshold S (AFPT) is proposed. Using the force sampling threshold S, AFPT is able to sample the mice flows, which are sensitive to anomalous traffic, while adaptively adjusting the sampling probability based on the sampled packets. Simulation and experimental results show that the estimation error of AFPT is consistent with the theoretical upper bound and that AFPT provides better performance in sampling anomalous traffic. The proposed algorithm can effectively improve the accuracy of anomaly detection algorithms.
