Adaptive sampling method for network traffic security monitoring based on queuing theory
Present network monitoring systems need to cope with the ever-increasing amount of traffic in modern high-speed networks. These systems often perform sophisticated deep packet inspection (DPI) for anomaly detection, denial-of-service attacks detection and mitigation, intrusion detection and preventi...
| Main Authors: | Maciej Sosnowski, Piotr Wiśniewski |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | Polish Academy of Sciences 2024-11-01 |
| Series: | International Journal of Electronics and Telecommunications |
| Subjects: | sampling; dpi; network monitoring; system state distribution |
| Online Access: | https://journals.pan.pl/Content/133221/PDF/21-4789-Sosnowski-sk-new.pdf |
| _version_ | 1850265990570442752 |
|---|---|
| author | Maciej Sosnowski Piotr Wiśniewski |
| author_facet | Maciej Sosnowski Piotr Wiśniewski |
| author_sort | Maciej Sosnowski |
| collection | DOAJ |
| description | Present network monitoring systems need to cope with the ever-increasing amount of traffic in modern high-speed networks. These systems often perform sophisticated deep packet inspection (DPI) for anomaly detection, denial-of-service attack detection and mitigation, intrusion detection and prevention, etc. Since DPI is resource-intensive, the monitoring devices are often not able to analyze all incoming traffic at link speeds. Consequently, sampling is employed to reduce the traffic volume and thus limit packet losses caused by resource exhaustion. Classical sampling methods select packets based on a fixed limiting parameter, regardless of the computational resource utilization of the monitoring device. This paper proposes a novel sampling approach for network traffic security monitoring that is based on an analytical model of the monitoring device. The model allows for testing adaptive sampling strategies that adjust the instantaneous sampling rate according to the input queue occupancy. The queue occupancy is used to drive the adaptation as it indicates the current relationship between available computational resources and the input traffic volume. Consequently, our approach maximizes the DPI ratio while simultaneously ensuring that the probability of packet loss due to resource exhaustion remains negligible. Analytical and simulation results are presented to demonstrate the impact of the proposed method on system parameters, along with comparative studies. |
| format | Article |
| id | doaj-art-fbfd5d6412874d3c8987801b27f9a2fa |
| institution | OA Journals |
| issn | 2081-8491 2300-1933 |
| language | English |
| publishDate | 2024-11-01 |
| publisher | Polish Academy of Sciences |
| record_format | Article |
| series | International Journal of Electronics and Telecommunications |
| spelling | doaj-art-fbfd5d6412874d3c8987801b27f9a2fa; 2025-08-20T01:54:16Z; eng; Polish Academy of Sciences; International Journal of Electronics and Telecommunications; 2081-8491; 2300-1933; 2024-11-01; vol. 70 No 4; 943 951; https://doi.org/10.24425/ijet.2024.152081; Adaptive sampling method for network traffic security monitoring based on queuing theory; Maciej Sosnowski (0); Piotr Wiśniewski (1); Warsaw University of Technology, Institute of Telecommunications, Poland; Warsaw University of Technology, Institute of Telecommunications, Poland; Present network monitoring systems need to cope with the ever-increasing amount of traffic in modern high-speed networks. These systems often perform sophisticated deep packet inspection (DPI) for anomaly detection, denial-of-service attack detection and mitigation, intrusion detection and prevention, etc. Since DPI is resource-intensive, the monitoring devices are often not able to analyze all incoming traffic at link speeds. Consequently, sampling is employed to reduce the traffic volume and thus limit packet losses caused by resource exhaustion. Classical sampling methods select packets based on a fixed limiting parameter, regardless of the computational resource utilization of the monitoring device. This paper proposes a novel sampling approach for network traffic security monitoring that is based on an analytical model of the monitoring device. The model allows for testing adaptive sampling strategies that adjust the instantaneous sampling rate according to the input queue occupancy. The queue occupancy is used to drive the adaptation as it indicates the current relationship between available computational resources and the input traffic volume. Consequently, our approach maximizes the DPI ratio while simultaneously ensuring that the probability of packet loss due to resource exhaustion remains negligible. Analytical and simulation results are presented to demonstrate the impact of the proposed method on system parameters, along with comparative studies.; https://journals.pan.pl/Content/133221/PDF/21-4789-Sosnowski-sk-new.pdf; sampling; dpi; network monitoring; system state distribution |
| spellingShingle | Maciej Sosnowski Piotr Wiśniewski Adaptive sampling method for network traffic security monitoring based on queuing theory International Journal of Electronics and Telecommunications sampling dpi network monitoring system state distribution |
| title | Adaptive sampling method for network traffic security monitoring based on queuing theory |
| title_full | Adaptive sampling method for network traffic security monitoring based on queuing theory |
| title_fullStr | Adaptive sampling method for network traffic security monitoring based on queuing theory |
| title_full_unstemmed | Adaptive sampling method for network traffic security monitoring based on queuing theory |
| title_short | Adaptive sampling method for network traffic security monitoring based on queuing theory |
| title_sort | adaptive sampling method for network traffic security monitoring based on queuing theory |
| topic | sampling dpi network monitoring system state distribution |
| url | https://journals.pan.pl/Content/133221/PDF/21-4789-Sosnowski-sk-new.pdf |
| work_keys_str_mv | AT maciejsosnowski adaptivesamplingmethodfornetworktrafficsecuritymonitoringbasedonqueuingtheory AT piotrwisniewski adaptivesamplingmethodfornetworktrafficsecuritymonitoringbasedonqueuingtheory |