An Analysis of Packet Sampling Strategy of Network-based Intrusion Detection System

WANG Wei-Ping, ZHU Wei-Wei, CHEN Wen-Hui, LIANG Liang
DOI: https://doi.org/10.3969/j.issn.1002-1175.2006.04.016
2006-01-01
Abstract: Since sampling in a network-based intrusion detection system incurs network costs for real-time packet sampling and packet examination hardware, we would like to develop a network packet sampling strategy that effectively detects network intrusions without exceeding the packet examination rate. We consider this problem in a game-theoretic framework and introduce sampling schemes that are optimal in this game-theoretic setting by the Minimax theorem and the max-flow min-cut theorem. Given the limitations of this single-intrusion-node method, we introduce a risk management method and extend the solution to more complex cases, so that a sampling strategy can be chosen in more varied environments. Finally, we provide an empirical study to exemplify our improved method.