Abstract

Recent estimates suggest that p2p traffic comprises a significant fraction of today's Internet traffic. Previous work has shown that p2p traffic can have a considerable adverse impact on the accuracy (detection and false alarm rates) of Anomaly Detection Systems (ADSs). In this paper, we propose a solution to mitigate this accuracy degradation by identifying novel traffic features which can accurately discriminate between p2p and attack traffic. Using these features, we develop a traffic preprocessor which compensates for the negative effects of p2p traffic on anomaly detection. Our solution does not rely on any p2p traffic classifier and is thus more robust and efficient. We implement and empirically evaluate the proposed solution on an OpenFlow testbed with four prominent non-proprietary ADSs. Experimental results show that our proposed method provides about a 35% increase in detection rate and about a 50% decrease in false alarm rates.
