
Citation: Shuqin DONG, Bin ZHANG. A Probabilistic Flow Sampling Method for Traffic Anomaly Detection[J]. Journal of Electronics and Information Technology, 2019, 41(6): 1450-1457. doi: 10.11999/JEIT180631

A Probabilistic Flow Sampling Method for Traffic Anomaly Detection

  • Corresponding author: Shuqin DONG, dongshuqin377@126.com
  • Received Date: 2018-06-28
    Accepted Date: 2019-01-15
    Available Online: 2019-06-01

Figures(5) / Tables(4)

  • Datasets for network traffic anomaly detection that are built with probabilistic sampling methods have two shortcomings: they do not meet the sampling requirements of large flows and small flows at the same time, and they do not distinguish flash crowds from traffic attacks. To address both, a probabilistic flow sampling method for traffic anomaly detection is proposed. Network data flows are first classified by their destination and source IP addresses. The sampling probability of each class of data flows is set to the maximum of the sampling probabilities of its destination and source IP addresses, and the number of sampled data flows is rounded up (ceiled) so that each class is sampled at least once; the sampled dataset can therefore reflect the distributions of large and small flows and of source and destination IP addresses in the original traffic. Then, source IP address entropy is used to characterize the source IP dispersion of anomaly flows, and an attack flow sampling algorithm is designed based on a threshold on the source IP address entropy, which reduces the sampling probability of non-attack anomaly flows caused by flash crowds. Simulation results show that the proposed method satisfies the sampling requirements of both large flows and small flows, has a high anomaly flow sampling ability, can sample all the suspicious source and destination IP addresses related to anomaly flows, and can effectively filter non-attack anomaly flows.
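
The class-based sampling step and the source IP entropy measure described in the abstract, as an added sketch that is not the authors' code. The per-IP probability `ip_prob` (min(1, k/count)), the parameter `k`, and the sample flows are assumptions; the abstract gives neither the paper's per-IP formula nor the entropy threshold and how it is applied, so the code only computes the entropy.

```python
import math
import random
from collections import Counter, defaultdict
from fractions import Fraction

def ip_prob(count, k=2):
    # Assumed per-IP sampling probability (not from the paper): an IP seen in
    # at most k flows is always sampled, a busier IP with probability k/count.
    return min(Fraction(1), Fraction(k, count))

def sample_flows(flows, k=2, seed=0):
    """flows: list of (src_ip, dst_ip, flow_id). Returns the sampled subset."""
    rng = random.Random(seed)
    src_n = Counter(f[0] for f in flows)
    dst_n = Counter(f[1] for f in flows)
    classes = defaultdict(list)          # one class per (src, dst) pair
    for f in flows:
        classes[(f[0], f[1])].append(f)
    sampled = []
    for (src, dst), members in classes.items():
        # Class probability is the maximum of its source and destination IP's.
        p = max(ip_prob(src_n[src], k), ip_prob(dst_n[dst], k))
        # Ceiling guarantees at least one flow per class survives sampling.
        n = math.ceil(p * len(members))
        sampled.extend(rng.sample(members, n))
    return sampled

def source_ip_entropy(flows):
    """Shannon entropy (bits) of the source IP distribution over the flows."""
    counts = Counter(f[0] for f in flows)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def constructed_flows():
    # Constructed sample: one large class (100 flows) and 20 single-flow sources.
    big = [("10.0.0.1", "10.0.0.9", i) for i in range(100)]
    small = [(f"10.0.1.{i}", "10.0.0.9", 100 + i) for i in range(20)]
    return big + small

if __name__ == "__main__":
    flows = constructed_flows()
    kept = sample_flows(flows)
    print(len(flows), "->", len(kept), "flows kept")
    print("source IP entropy of sample:", round(source_ip_entropy(kept), 3))
```

With exact fractions the ceiling is not affected by floating-point rounding, so a class whose expected sample size is a whole number is not inflated by one.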
