Presentation | 2006-11-16: A study on detecting network anomalies using sampled flow statistics. Ryoichi KAWAHARA, Tatsuya MORI, Keisuke ISHIBASHI, Noriaki KAMIYAMA, Shigeaki HARADA, Shoichiro ASANO |
---|---|
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | We investigate how to detect network anomalies using flow statistics obtained through packet sampling. First, we show that network anomalies generating a huge number of small flows, such as network scans or SYN flooding, become hard to detect when packet sampling is applied. This is because such flows are less likely to be sampled than normal flows. As a solution to this problem, we then show that we can increase the detectability of such anomalies by spatially partitioning the monitored traffic into groups so that anomalous flows are concentrated in particular group(s). We also show its effectiveness through actual measurement data. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | packet sampling / anomaly detection / flow |
Paper # | NS2006-124,CQ2006-65,TM2006-38 |
Date of Issue |
Conference Information | |
Committee | CQ |
---|---|
Conference Date | 2006/11/9 (1 day) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | |
Chair | |
Vice Chair | |
Secretary | |
Assistant |
Paper Information | |
Registration To | Communication Quality (CQ) |
---|---|
Language | ENG |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | A study on detecting network anomalies using sampled flow statistics |
Sub Title (in English) | |
Keyword(1) | packet sampling |
Keyword(2) | anomaly detection |
Keyword(3) | flow |
1st Author's Name | Ryoichi KAWAHARA |
1st Author's Affiliation | NTT Service Integration Laboratories, NTT Corporation |
2nd Author's Name | Tatsuya MORI |
2nd Author's Affiliation | NTT Service Integration Laboratories, NTT Corporation |
3rd Author's Name | Keisuke ISHIBASHI |
3rd Author's Affiliation | NTT Information Sharing Platform Laboratories, NTT Corporation |
4th Author's Name | Noriaki KAMIYAMA |
4th Author's Affiliation | NTT Service Integration Laboratories, NTT Corporation |
5th Author's Name | Shigeaki HARADA |
5th Author's Affiliation | NTT Service Integration Laboratories, NTT Corporation |
6th Author's Name | Shoichiro ASANO |
6th Author's Affiliation | National Institute of Informatics |
Date | 2006-11-16 |
Paper # | NS2006-124,CQ2006-65,TM2006-38 |
Volume (vol) | vol.106 |
Number (no) | 356 |
Page | pp.pp.- |
#Pages | 6 |
Date of Issue |