Detection accuracy of network anomalies using sampled flow statistics

Ryoichi Kawahara*, Keisuke Ishibashi, Tatsuya Mori, Noriaki Kamiyama, Shigeaki Harada, Shoichiro Asano

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

7 Citations (Scopus)


We investigate the detection accuracy of network anomalies when we use flow statistics obtained through packet sampling. We have already shown, through a case study based on measurement data, that network anomalies generating a huge number of small flows, such as network scans or SYN flooding, become hard to detect when we perform packet sampling. In this paper, we first develop an analytical model that enables us to quantitatively evaluate the effect of packet sampling on the detection accuracy and then investigate why detection accuracy worsens when the packet sampling rate decreases. In addition, we show that, even with a low sampling rate, spatially partitioning the monitored traffic into groups makes it possible to increase the detection accuracy. We also develop a method of determining an appropriate number of partitioned groups and show its effectiveness.

Original languageEnglish
Title of host publicationIEEE GLOBECOM 2007 - 2007 IEEE Global Telecommunications Conference, Proceedings
Number of pages6
Publication statusPublished - 2007
Externally publishedYes
Event50th Annual IEEE Global Telecommunications Conference, GLOBECOM 2007 - Washington, DC, United States
Duration: 2007 Nov 262007 Nov 30

Publication series

NameGLOBECOM - IEEE Global Telecommunications Conference


Conference50th Annual IEEE Global Telecommunications Conference, GLOBECOM 2007
Country/TerritoryUnited States
CityWashington, DC

ASJC Scopus subject areas

  • Engineering(all)


Dive into the research topics of 'Detection accuracy of network anomalies using sampled flow statistics'. Together they form a unique fingerprint.

Cite this