Critical infrastructure protection: Resource efficient sampling to improve detection of less frequent patterns in network traffic

Networked critical infrastructures are of national importance. However, such infrastructures are running 24/7. The supervisory control and data acquisition system (SCADA) of the critical infrastructure will generate enormous network traffic continuously. It is vital in such environments that only useful data are stored while redundant data are discarded to reduce the huge data storage demand. However it is technically challenging to reduce the demand on data storage while losing little information. In this paper, a resource conserving sampling technique is proposed to improve detection of less frequent patterns from huge network traffic under the fixed data storage capacity of the system. Such less frequent patterns are often related to subtle network intrusion activities. Experiments using the 1998 DARPA intrusion Detection Dataset have validated the effectiveness of the proposed scheme.