Analyze university network traffic to explore usage behaviour and to detect malicious activities

It is crucial to understand the patterns of university traffic and the usage behaviour of end users. We address the problem of identifying malicious activities and understanding Internet usage within the university campus. This paper aims to discover hidden patterns through analysis of the captured traffic. To tackle the problem, traffic is systematically captured, filtered, managed and then analyzed. Our analysis is based on Python scripts and open source tools, which give flexibility for distribution and code modification.
