J4

• Original Articles • Previous Articles     Next Articles

IP flow-based variable sampling method for network traffic measurement

PAN Qiao1,2;PEI Chang-xing1
  

  1. (1. State Key Lab. of Integrated Service Networks, Xidian Univ., Xi’an 710071, China;
    2. School of Computer Science and Technology, Donghua Univ., Shanghai 210051, China)
  • Received:2008-01-02 Revised:1900-01-01 Online:2008-12-20 Published:2008-12-20
  • Contact: PAN Qiao E-mail:panqiao@dhu.edu.cn

PDF (PC)

1138

Like

Abstract: The random packet sampling method is usually employed by traffic sampling measurement. But the accuracy of anomaly detection is affected by the fact that it biases a large IP flow. Based on the IP flow arrival process, a variable sampling method is proposed. According to the attribute of the IP flow, the incoming packets are classified by their flow identifiers and sampling rates are set by their positions in the IP flow. Experimental results show that sampled traffic data improve the accuracy of anomaly detection because the variable sampling method increases the sampling rate of packets in a small IP flow.

Key words: sampling measurement, variable sampling, IP flow, port scan

CLC Number: 

  • TP393

Copyright © 2018 Journal of Xidian University, All Rights Reserved.
Powered by Beijing Magtech Co. Ltd