Sciweavers

INFOCOM
2010
IEEE

A Signal Processing View on Packet Sampling and Anomaly Detection

13 years 11 months ago
A Signal Processing View on Packet Sampling and Anomaly Detection
—Anomaly detection methods typically operate on pre-processed, i.e., sampled and aggregated, traffic traces. Most traffic capturing devices today employ random packet sampling, where each packet is selected with a certain probability, to cope with increasing link speeds. Temporal aggregation, where all packets in a measurement interval are represented by their temporal mean, is then applied to transform the traffic trace to the observation timescale of interest. These pre-processing steps affect the temporal correlation structure of traffic that is used by anomaly detection methods (e.g., Kalman filter, PCA), and have thus an impact on anomaly detection performance. Prior work has analyzed how packet sampling degrades the accuracy of anomaly detection methods; however, neither theoretical explanations nor solutions to the sampling problem have been provided. This paper makes the following key contributions: (i) It provides a thorough analysis and quatification of how packet sam...
Daniela Brauckhoff, Kavé Salamatian, Martin
Added 28 Jan 2011
Updated 28 Jan 2011
Type Journal
Year 2010
Where INFOCOM
Authors Daniela Brauckhoff, Kavé Salamatian, Martin May
Comments (0)