Paper 1022 US-M-E
Understanding and Evaluating the Impact of Sampling on Anomaly Detection Techniques
Papavassiliou, Symeon, National Technical University of Athens
Maglaris, Basil, National Technical University of Athens
Grammatikou, Mary, National Technical University of Athens
Chatzigiannakis, Vassilis, National Technical University of Athens
Androulidakis, Georgios, National Technical University of Athens
With the continuously increasing network traffic and high-speed Internet links, the problem of analyzing network data becomes more complicated and as a result sampling becomes an essential component of scalable Internet monitoring. In this paper, the emphasis is placed on the evaluation of the impact of various packet sampling techniques that have been proposed in the PSAMP IETF draft, on two widely used anomaly detection approaches. More specifically, we evaluate the behavior of a sequential nonparametric change-point detection method and an algorithm based on Principal Component Analysis (PCA) with the use of different metrics, under different traffic and measurement sampling methodologies. One of the key objectives of our study is to gain some insight about the feasibility and scalability of the anomaly detection process, by analyzing and understanding the tradeoff of reducing the volume of collected data while still maintaining the accuracy and effectiveness in the anomaly detection.

Georgios Androulidakis is a PhD student at the National Technical University of Athens (NTUA). He is a Research Associate at the NETwork Management and Optimal DEsign laboratory (NETMODE) of the same university. His research interests include anomaly detection, network security and network management. He holds a Diploma degree in Electrical and Computer Engineering from the National Technical University of Athens. He is a member of the IEEE and the USENIX Association.