Abstract—In this paper we propose the two stage opportunistic sampling technique for the detection and classification of network anomalies. Literature review indicates the application of one stage sampling for network anomaly detection. It is observed that for specific-purpose applications such as anomaly detection, a large fraction of information is contained in a small fraction of flows. We demonstrate that by using opportunistic and preferential sampling, the appearance and detection of anomalies within the sampled data set can be improved. We implement the two stage sampling and show that the results obtained are more effective. The evaluation of intelligent sampling techniques for improved anomaly detection is based on the application of an entropy-based technique on a packet trace. The proposed two-stage sampling reduces the time taken for the process when compared to the one stage sampling. We have also evaluated the results with different entropy values and observed the variation in flow distribution characteristics.

Index Terms—Anomaly detection, Entropy, Intelligent sampling, Opportunistic sampling

Dr. Venkata Rama Prasad Vaddella is working as Professor of Information Technology at Sree Vidyanikethan Engineering College,Tirupati, India (Corresponding author Phone: +91-877-2236711, Ext: 422,Fax: +91-877-2236717; e-mail: vvramaprasad@rediffmail.com).
Ms. Sridevi Rachakulla is at present working as a software engineer trainee at Tata Consultancy Services Limited, Hyderabad, India (e-mail:sridevi.rachakulla@gmail.com)

Cite: Venkata Rama Prasad Vaddella and Sridevi Rachakulla, "Two-Stage Opportunistic Sampling for Network Anomaly Detection," International Journal of Computer and Electrical Engineering vol. 2, no. 6, pp. 1068-1076, 2010.