
Citation: Shuqin DONG, Bin ZHANG. A Probabilistic Flow Sampling Method for Traffic Anomaly Detection[J]. Journal of Electronics and Information Technology, 2019, 41(6): 1450-1457. doi: 10.11999/JEIT180631

A Probabilistic Flow Sampling Method for Traffic Anomaly Detection

  • Corresponding author: Shuqin DONG, dongshuqin377@126.com
  • Received Date: 2018-06-28
    Accepted Date: 2019-01-15
    Available Online: 2019-06-01

Figures(5) / Tables(4)

  • Existing probabilistic sampling methods for building network traffic anomaly detection datasets cannot meet the demand of sampling large flows and small flows at the same time, and do not distinguish flash crowds from traffic attacks. To address these problems, a probabilistic flow sampling method for traffic anomaly detection is proposed. Network data flows are first classified according to their destination and source IP addresses. The sampling probability for each class of data flows is set to the maximum of the sampling probabilities of its destination and source IP addresses, and the number of sampled data flows is rounded up (ceiled) so that each class of data flows is sampled at least once; the sampled dataset can therefore reflect the distributions of large and small flows and of source and destination IP addresses in the original traffic. Then, the source IP address entropy is used to characterize the source IP dispersion of anomaly flows, and an attack flow sampling algorithm is designed based on a threshold on the source IP address entropy, which reduces the sampling probability of non-attack anomaly flows caused by flash crowds. The simulation results show that the proposed method satisfies the sampling requirements of both large flows and small flows, has a high anomaly flow sampling ability, can sample all the suspicious source and destination IP addresses related to anomaly flows, and can effectively filter non-attack anomaly flows.
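
The class-based sampling rule and the source IP address entropy described in the abstract, as an added Python example that is not the authors' code. The per-address probabilities, the default probability, the function names and the flow records are constructed assumptions; the entropy threshold is left out because the abstract gives neither its value nor its direction.

```python
import math
import random
from collections import Counter, defaultdict


def sample_by_class(flows, p_src, p_dst, default_p, seed=0):
    """Sample flows per (source IP, destination IP) class.

    flows: list of (src_ip, dst_ip, flow_id) tuples.
    p_src / p_dst: per-address sampling probabilities. How the paper derives
    them is not on the page, so they are plain inputs here (assumption).
    """
    rng = random.Random(seed)
    classes = defaultdict(list)
    for flow in flows:
        classes[(flow[0], flow[1])].append(flow)

    sampled = []
    for (src, dst), members in classes.items():
        # Class probability = max of the source and destination probabilities.
        p = max(p_src.get(src, default_p), p_dst.get(dst, default_p))
        # Ceiling guarantees at least one sampled flow per class.
        n = min(len(members), math.ceil(p * len(members)))
        sampled.extend(rng.sample(members, n))
    return sampled


def source_ip_entropy(flows, dst):
    """Shannon entropy (bits) of the source IPs of flows sent to dst."""
    counts = Counter(src for src, d, _ in flows if d == dst)
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def build_constructed_flows():
    """Constructed sample: one large class plus eight single-flow classes."""
    flows = [("10.0.0.1", "192.0.2.10", i) for i in range(1000)]
    flows += [(f"10.0.1.{i}", "192.0.2.20", 1000 + i) for i in range(1, 9)]
    return flows


if __name__ == "__main__":
    flows = build_constructed_flows()
    picked = sample_by_class(flows, {"10.0.0.1": 0.05}, {"192.0.2.10": 0.125}, 0.125)
    print(len(picked), "of", len(flows), "flows sampled")
    print("source entropy toward 192.0.2.20:", source_ip_entropy(flows, "192.0.2.20"))
```

Without the ceiling, a class holding a single flow would be dropped with high probability, and its source and destination addresses would vanish from the sampled dataset.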