STATISTICAL TECHNIQUES FOR DETECTING TRAFFIC ANOMALIES THROUGH PACKET HEADER DATA-NETWORKING
Abstract: THE frequent attacks on network infrastructure, using various forms of denial of service (DoS) attacks and worms, have led to an increased need for developing techniques for analyzing and monitoring network traffic. If efficient analysis tools were available, it could become possible to detect the attacks, anomalies and take action to suppress them before they have had much time to propagate across the network. In this paper, we study the possibilities of traffic-analysis based mechanisms for attack and anomaly detection. The motivation for this work came from a need to reduce the likelihood that an attacker may hijack the campus machines to stage an attack on a third party. A campus may want to prevent or limit misuse of its machines in staging attacks, and possibly limit the liability from such attacks. In particular, we study the utility of observing packet header data of outgoing traffic, such as destination addresses, port numbers and the number of flows, in order to detect attacks/anomalies originating from the campus at the edge of a campus. Detecting anomalies/attacks close to the source allows us to limit the potential damage close to the attacking machines. Traffic monitoring close to the source may enable the network operator quicker identification of potential anomalies and allow better control of administrative domainâ„¢s resources. Attack propagation could be slowed through early detection. Our approach passively monitors network traffic at regular intervals and analyzes it to find any abnormalities in the aggregated traffic. By observing the traffic and correlating it to previous states of traffic, it may be possible to see whether the current traffic is behaving in a similar (i.e., correlated) manner. The network traffic could look different because of flash crowds, changing access patterns, infrastructure problems such as router failures, and DoS attacks. In the case of bandwidth attacks, the usage of network may be increased and abnormalities may show up in traffic volume. Flash crowds could be observed through sudden increase in traffic volume to a single destination. Sudden increase of traffic on a certain port could signify the onset of an anomaly such as worm propagation. Our approach relies on analyzing packet header data in order to provide indications of
Possible abnormalities in the traffic. .NET
please send me full report please its very urgent
please send me the report its very urgent plz
Statistical Techniques for Detecting Traffic Anomalies
Through Packet Header Data
This project aims at Creating a technique for traffic anomaly detection based on analyzing correlation of destination IP addresses in outgoing traffic at an egress router.The inspiration of this project is to prevent a attacker to hijack the campus machines to stage an attack on a third party. The packet header data of outgoing traffic is scanned to accomplish this, such as destination addresses, port numbers and the number of flows, in order to detect attacks/anomalies originating from the campus at the edge of a campus.The Traffic monitoring close to the source may enable the network operator quicker identification of potential anomalies. early detection of the attack can reduce the Attack propagation or slow it down.
In this approach, the network traffic is passively monitored at regular intervals and is analyzed to find any abnormalities in the aggregated traffic. By correlating it to previous states of traffic, it can be determined whether the current traffic is behaving in a similar (i.e., correlated) manner. Through this flash crowds, router failures, DoS attacks, bandwidth attacks etc can be detected.
for full details, refer this doc :
can i have more information on this project??this have been approved as my project topic..
Statistical Techniques for Detecting Traffic Anomalies Through Packet Header Data
This project proposes a traffic anomaly detector, operated in postmortem and in real-time, by passively monitoring packet headers of traffic. The frequent attacks on network infrastructure, using various forms of denial of service attacks, have led to an increased need for developing techniques for analyzing network traffic.
If efficient analysis tools were available, it could become possible to detect the attacks, anomalies and to take action to contain the attacks appropriately before they have had time to propagate across the network.
In this project, we suggest a technique for traffic anomaly detection based on analyzing correlation of destination IP addresses in outgoing traffic at an egress router. This address correlation data are transformed using discrete wavelet transform for effective detection of anomalies through statistical analysis.
Results from trace-driven evaluation suggest that proposed approach could provide an effective means of detecting anomalies close to the source. We also present a multidimensional indicator using the correlation of port numbers and the number of flows as a means of detecting anomalies
Processor Type : Pentium -IV
Speed : 2.4 GHZ
Ram : 1 GB RAM
Hard disk : 160 GB HD
Operating System : Win XP service Pack 2
Programming Package : Visual Studio.NET 2008
Front End : Asp. net, C#
Dot net frame work : 3.5
Server : IIS Server
In this older system we have use the Instruction Detection system (IDS) and some of the firewalls. This is the main drawback of the system. Here also use the packet filtering and packet marking. These two are the main features in the older system. In packet filtering we can filter the packet shaped messages only. Then packet marking we cant get some special kind of messages. So these are the drawbacks of the system. Here also use the ICMP trace back messages. Here we can get the proper trace out messages.
Due to the variations in bandwidth, latency and loss rate on different channels, link striping suffers from packet reordering thereby adversely affecting the performance of any QoS concerned applications. Hardware-based solutions often prolong transmission latency which is undesirable for delay sensitive applications and are restricted with the available buffer space on the device. So all these drawbacks we can use the new system
In this proposed system we use the attacker spoofs bread crumbs. Older versions we having some problems for sending the messages. Using the spoofs and crumbs we can get the messages clearly and security. Then also provide the authentication for users. This system is more efficient and security.
Then we get the cheap digital signatures for bread crumbs. Using the digital signatures we can increase the security level of getting the messages. The client can send the request to the server then the server get the message from the server clearly. Using these above steps we can get the clear and secret messages.
we first propose a sequence preserving scheduling (SPS) scheme to schedule packets among multiple heterogeneous communication channels assuming that the workload is perfectly divisible. We analyze the throughput and derive expressions for the batch size, scheduling time and the maximum number of channels that can be supported by the sender and receiver.
Effectively schedule variable length packets for link striping, we propose a packetized sequence preserving scheduling (P-SPS) scheme by applying a combined packetized technique of deficit round robin (DRR) and surplus round robin (SRR).
Shortest path finding to implement
Packet scheduling module
Applying divisible load theory
I need architecture design in statistical techniques for detecting traffic anomalies through packet header data and problem definition, modules description,reference books, websites.
I want problem definition, architecture design diagram, module description for login, client, ingress router, egress router, file sending;Reference books and websites.[/font]