A Study on Detecting Network Anomalies Using Sampled Flow Statistics

Hiroshima, Japan January 15-January 19

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/SAINT-W.2007.17

2007 International Symposium on Appli ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Ryoichi Kawahara Articles by Tatsuya Mori Articles by Noriaki Kamiyama Articles by Shigeaki Harada Articles by Shoichiro Asano

	ASCII Text	x
	Ryoichi Kawahara, Tatsuya Mori, Noriaki Kamiyama, Shigeaki Harada, Shoichiro Asano, "A Study on Detecting Network Anomalies Using Sampled Flow Statistics," Applications and the Internet Workshops, IEEE/IPSJ International Symposium on, pp. 81, 2007 International Symposium on Applications and the Internet Workshops (SAINTW'07), 2007.

	BibTex	x
	@article{ 10.1109/SAINT-W.2007.17, author = {Ryoichi Kawahara and Tatsuya Mori and Noriaki Kamiyama and Shigeaki Harada and Shoichiro Asano}, title = {A Study on Detecting Network Anomalies Using Sampled Flow Statistics}, journal ={Applications and the Internet Workshops, IEEE/IPSJ International Symposium on}, volume = {0}, year = {2007}, isbn = {0-7695-2757-4}, pages = {81}, doi = {http://doi.ieeecomputersociety.org/10.1109/SAINT-W.2007.17}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Applications and the Internet Workshops, IEEE/IPSJ International Symposium on TI - A Study on Detecting Network Anomalies Using Sampled Flow Statistics SN - 0-7695-2757-4 SP EP A1 - Ryoichi Kawahara, A1 - Tatsuya Mori, A1 - Noriaki Kamiyama, A1 - Shigeaki Harada, A1 - Shoichiro Asano, PY - 2007 KW - null VL - 0 JA - Applications and the Internet Workshops, IEEE/IPSJ International Symposium on ER -

Ryoichi Kawahara, NTT Corporation, Japan

Tatsuya Mori, NTT Corporation, Japan

Noriaki Kamiyama, NTT Corporation, Japan

Shigeaki Harada, NTT Corporation, Japan

Shoichiro Asano, National Institute of Informatics, Japan

We investigate how to detect network anomalies using flow statistics obtained through packet sampling. First, we show that network anomalies generating a huge number of small flows, such as network scans or SYN flooding, become dificult to detect when we execute packet sampling. This is because such flows are more unlikely to be sampled than normal flows. As a solution to this problem, we then show that spatially partitioning the monitored traffic into groups and analyzing the traffic of individual groups can increase the detectability of such anomalies. We also show the effectiveness of the partitioning method using network measurement data.

Citation:

Ryoichi Kawahara, Tatsuya Mori, Noriaki Kamiyama, Shigeaki Harada, Shoichiro Asano, "A Study on Detecting Network Anomalies Using Sampled Flow Statistics," saint-w, pp.81, 2007 International Symposium on Applications and the Internet Workshops (SAINTW'07), 2007

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.