Trap Sampling with Applications in DoS Attack Detection

Abstract: This thesis takes a predominantly theoretical approach to the problem of detecting and mitigating Denial of Service (DoS) attacks using a novel application of stratified sampling we call trap sampling. The core theoretical contributions are two new proofs: (1) that the variance of Poisson Binomial random variables is less than or equal to that of a suitably chosen Binomial distribution, and (2) that the right-tail probability of the Poisson Binomial distribution is similarly bounded. These results hold under conditions directly relevant to network traffic analysis, where non-identical success probabilities often arise. In addition to a rigorous theoretical treatment, this work presents experimental comparisons that validate the proposed methods. We evaluate and compare commonly used DoS detection metrics under two sampling paradigms: uniform random sampling and our proposed trap sampling. Results indicate that trap sampling can substantially improve detection effectiveness while controlling false alarm rates, illustrating both the theoretical underpinnings and practical feasibility of our approach.