Detecting an Anomaly Behavior through Enhancing the Mechanism of Packet Filtering

The fundamental task of network traffic analysis is capturing and monitoring all network traffic (incoming and outgoing) on a local area network (LAN), and the ability of the network analyzer to analyze that traffic and detect errors or any type of suspicious activity, such as intruders. The idea of this research is to use flexible packet filtering to filter the captured network traffic. The proposed packet inspection isolates the captured traffic by its source using a traffic source separation (TSS) strategy; during the separation operation, each traffic signature is compared against the signatures stored in the system database using traffic signature matching. The experimental results show that, by using an SVM-based User Profile Filter (UPF) and examining the traffic signature, the total error received from the traffic classifier is reduced to 0.5% and the traffic capturing speed is increased compared with the standard methods of traffic analyzers.
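The pipeline the abstract describes (capture, separate by source, match each packet against stored signatures, then apply a per-source profile check) is sketched below as an added example; it is not code from the paper, and the packet records, signature database, `profile_flags` thresholds and the simple rate-style profile check standing in for the paper's SVM-based User Profile Filter are all constructed assumptions for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Minimal captured-packet record (constructed; a real capture would be richer)."""
    src: str
    dst: str
    dport: int
    proto: str
    payload: bytes


# Constructed stand-in for the paper's stored signature database:
# each entry names the protocol, destination port and an expected payload prefix.
SIGNATURE_DB = {
    "known-good-http": {"proto": "tcp", "dport": 80, "payload_prefix": b"GET "},
    "known-good-dns": {"proto": "udp", "dport": 53, "payload_prefix": None},
}


def traffic_source_separation(packets):
    """TSS step: group captured packets by their source address."""
    by_src = defaultdict(list)
    for p in packets:
        by_src[p.src].append(p)
    return dict(by_src)


def match_signature(packet, db=SIGNATURE_DB):
    """Traffic signature matching: return the name of the first stored
    signature the packet satisfies, or None when nothing matches."""
    for name, sig in db.items():
        if sig["proto"] != packet.proto or sig["dport"] != packet.dport:
            continue
        prefix = sig["payload_prefix"]
        if prefix is None or packet.payload.startswith(prefix):
            return name
    return None


def inspect(packets, db=SIGNATURE_DB):
    """Per-source summary: how many packets matched a stored signature,
    how many did not, and how many distinct destination ports were touched."""
    report = {}
    for src, group in traffic_source_separation(packets).items():
        matches = [match_signature(p, db) for p in group]
        report[src] = {
            "total": len(group),
            "matched": sum(1 for m in matches if m is not None),
            "unmatched": sum(1 for m in matches if m is None),
            "distinct_ports": len({p.dport for p in group}),
        }
    return report


def profile_flags(report, max_unmatched_ratio=0.5, max_distinct_ports=4):
    """Simple user-profile check standing in for the SVM-based UPF (assumption):
    flag a source when most of its traffic is unmatched or it fans out over
    more destination ports than the profile allows."""
    flagged = []
    for src, stats in report.items():
        ratio = stats["unmatched"] / stats["total"] if stats["total"] else 0.0
        if ratio > max_unmatched_ratio or stats["distinct_ports"] > max_distinct_ports:
            flagged.append(src)
    return sorted(flagged)


# Constructed sample capture: one host doing ordinary HTTP and DNS,
# another touching five different ports with empty payloads.
SAMPLE_CAPTURE = [
    Packet("10.0.0.5", "10.0.0.1", 80, "tcp", b"GET /index.html HTTP/1.1"),
    Packet("10.0.0.5", "10.0.0.1", 80, "tcp", b"GET /style.css HTTP/1.1"),
    Packet("10.0.0.5", "10.0.0.2", 53, "udp", b"\x12\x34\x01\x00"),
    Packet("10.0.0.9", "10.0.0.1", 21, "tcp", b""),
    Packet("10.0.0.9", "10.0.0.1", 22, "tcp", b""),
    Packet("10.0.0.9", "10.0.0.1", 23, "tcp", b""),
    Packet("10.0.0.9", "10.0.0.1", 25, "tcp", b""),
    Packet("10.0.0.9", "10.0.0.1", 110, "tcp", b""),
]


def run_sample():
    report = inspect(SAMPLE_CAPTURE)
    return report, profile_flags(report)


if __name__ == "__main__":
    rep, flags = run_sample()
    for src, stats in rep.items():
        print(src, stats)
    print("flagged sources:", flags)
```

The separation step makes the signature and profile checks per source rather than per packet, which is what lets the profile check see a pattern (many unmatched packets, many ports) that no single packet reveals; a real deployment would replace `profile_flags` with the trained classifier and the constructed `SIGNATURE_DB` with the system's actual signature store.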
