A critical review on the implementation of static data sampling techniques to detect network attacks

Given that Internet traffic speed and volume are growing at a rapid pace, monitoring the network in a real-time manner has introduced several issues in terms of computing and storage capabilities. Fast processing of traffic data and early warnings on the detected attacks are required while maintaining a single pass over the traffic measurements. To alleviate these problems, one can reduce the amount of traffic to be processed using a sampling technique and detect the attacks based on the sampled traffic. Different parameters have an impact on the efficiency of this process, mainly the applied sampling policy and sampling ratio. In this study, we investigate the statistical impact of sampling network traffic and quantify the amount of deterioration that the sampling process introduces. In this context, an experimental comparison of existing sampling techniques is performed based on their impact on several well-known statistical measures.