A Software Deep Packet Inspection System for Network Traffic Analysis and Anomaly Detection

Sensors ◽  
2020 ◽  
Vol 20 (6) ◽  
pp. 1637 ◽  
Author(s):  
Wenguang Song ◽  
Mykola Beshley ◽  
Krzysztof Przystupa ◽  
Halyna Beshley ◽  
Orest Kochan ◽  
...  

In this paper, to solve the problem of detecting network anomalies, a method of forming a set of informative features formalizing the normal and anomalous behavior of the system on the basis of evaluating the Hurst (H) parameter of the network traffic has been proposed. Criteria to detect and prevent various types of network anomalies using the Three Sigma Rule and the Hurst parameter have been defined. A rescaled range (R/S) method to evaluate the Hurst parameter has been chosen. The practical value of the proposed method is conditioned by the following factors: low time spent on calculations, short time required for monitoring, the possibility of self-training, and the possibility of observing a wide range of traffic types. For the implementation of a new DPI (Deep Packet Inspection) system, algorithms for analyzing captured traffic with protocol detection and determining statistical load parameters have been developed. In addition, algorithms responsible for flow regulation to ensure QoS (Quality of Service), based on the conducted statistical analysis of flows and the proposed method of anomaly detection using the Hurst parameter, have been developed. We compared the proposed software DPI system with the existing SolarWinds Deep Packet Inspection with respect to network traffic anomaly detection and prevention. The created software components of the proposed DPI system increase the efficiency of standard intrusion detection and prevention systems by identifying and taking into account new non-standard factors and dependencies. The use of the developed system in IoT communication infrastructure will increase the level of information security and significantly reduce the risk of its loss.
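The abstract above names two building blocks, an R/S (rescaled range) estimate of the Hurst parameter per traffic window and a Three Sigma Rule applied to those estimates. The following is an added illustration written for this page, not code from the paper or its DPI system; the packet-count series, window size and the number of baseline ("self-training") windows are constructed assumptions.

```python
import math

def rescaled_range(x):
    """R/S of one window: range of the cumulative mean-adjusted sum
    divided by the window's (population) standard deviation."""
    n = len(x)
    mean = sum(x) / n
    dev = [v - mean for v in x]
    cum, s = [], 0.0
    for d in dev:
        s += d
        cum.append(s)
    sd = math.sqrt(sum(d * d for d in dev) / n)
    return (max(cum) - min(cum)) / sd if sd > 0 else 0.0

def hurst_rs(series, min_window=8):
    """H = least-squares slope of log(mean R/S) against log(window size),
    for window sizes min_window, 2*min_window, ... up to half the series."""
    n, w, xs, ys = len(series), min_window, [], []
    while w <= n // 2:
        chunks = [series[i:i + w] for i in range(0, n - w + 1, w)]
        rs = [r for r in (rescaled_range(c) for c in chunks) if r > 0]
        if rs:
            xs.append(math.log(w))
            ys.append(math.log(sum(rs) / len(rs)))
        w *= 2
    if len(xs) < 2:
        raise ValueError("series too short for an R/S slope")
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    num = sum((a - mx) * (b - my) for a, b in zip(xs, ys))
    return num / sum((a - mx) ** 2 for a in xs)

def three_sigma_flags(h_values, baseline):
    """Three Sigma Rule: flag each H estimate lying outside
    mean +/- 3*std of the baseline (self-training) estimates."""
    m = sum(baseline) / len(baseline)
    sd = math.sqrt(sum((b - m) ** 2 for b in baseline) / len(baseline))
    return [abs(h - m) > 3 * sd for h in h_values]

if __name__ == "__main__":
    # Constructed packet-count series (not real traffic): a bounded
    # pseudo-random baseline, then a steadily rising load as the anomaly.
    normal = [(i * 7919) % 13 for i in range(512)]
    rising = list(range(64))          # strongly persistent, H close to 1
    windows = [normal[i:i + 64] for i in range(0, 512, 64)] + [rising]
    hs = [hurst_rs(win) for win in windows]
    for i, (h, f) in enumerate(zip(hs, three_sigma_flags(hs, hs[:4]))):
        print(f"window {i}: H={h:.3f} {'ANOMALY' if f else 'normal'}")
```

The first four windows serve as the self-training baseline; any later window whose H drifts more than three standard deviations from that baseline is reported.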

Author(s):  
Tirumaleswar Reddy ◽  
Prashanth Patil ◽  
Anca Zamfir

Identification and treatment of application flows are important to many application providers and network operators. They often rely on these capabilities to deploy and/or support a wide range of applications. These applications generate flows that may have specific characteristics such as bandwidth or latency that can be met if made known to the network. Historically, this functionality has been implemented to the extent possible using heuristics that inspect and infer flow characteristics. Heuristics may be based on port numbers, network identifiers (e.g., subnets or VLANs), Deep Flow Inspection (DFI), or Deep Packet Inspection (DPI). However, many application flows in current usage are dynamic, adaptive, time-bound, encrypted, peer-to-peer (P2P), asymmetric, used on multipurpose devices, and/or have different priorities depending on the direction of the flow, user preferences, and other factors. Any combination of these properties renders heuristic-based techniques less effective and may result in compromises to application security or user privacy. Application-enabled collaborative networking (AECN) is a framework in which applications explicitly signal their flow characteristics and requirements to the network. This provides network nodes with knowledge of the application flow characteristics, which enables them to apply the correct flow treatment and provide feedback to applications accordingly. This chapter describes how an application-enabled collaborative networking framework helps solve the problems encountered.


2021 ◽  
Vol 7 (1) ◽  
pp. 132-140
Author(s):  
V. Fitsov

Deep packet inspection systems on communication networks are used to identify the application generating a specific traffic flow. The issues related to modeling and design of deep packet inspection systems remain poorly understood. In this paper, a software technique for evaluating the effectiveness of the hardware composition of the servers of a deep packet inspection system is presented, using a mathematical model of such a system and software search methods. The program search by the maximum element method and by the Hooke-Jeeves method is described. A modification of the Hooke-Jeeves method for a monotonically decreasing function is proposed. The methods are compared by the number of search steps.


Author(s):  
Meenal Suryakant Vatsaraj ◽  
Rajan Vishnu Parab ◽  
D S Bade

Anomalous behavior detection and localization are obtained in videos of crowded areas, where an anomaly is behavior that deviates from the dominant pattern. Appearance and motion information are taken into account to robustly identify different kinds of anomaly across a wide range of scenes. Our concept, based on a histogram of oriented gradients and a Markov random field, easily captures the varying dynamics of the crowded environment. The histogram of oriented gradients together with the well-known Markov random field effectively recognizes and characterizes each frame of each scene. Anomaly detection using an artificial neural network uses both appearance and motion features, extracted within the spatio-temporal domain of moving pixels, which ensures robustness to local noise and thus increases accuracy in detecting a local anomaly at low computational cost. To extract a region of interest, the background has to be subtracted. Background subtraction is done by various methods such as weighted moving mean, Gaussian mixture model, and kernel density estimation.


2020 ◽  
Vol 17 (1) ◽  
pp. 13-20
Author(s):  
V. Prasath ◽  
K. Deepak ◽  
S. Chandrakala

There is an increasing demand for automated traffic surveillance, given the wide range of threats to road safety and the limited manpower available to monitor them. In particular, detecting anomalous behavior in traffic surveillance is challenging because of occlusion, weather conditions, and pose variations. This paper reviews recent trends in vision-based traffic anomaly detection. The various features, modeling techniques, and data sets used in traffic anomaly detection are reviewed.


2019 ◽  
Vol 2019 ◽  
pp. 1-10 ◽  
Author(s):  
Hussein Oudah ◽  
Bogdan Ghita ◽  
Taimur Bakhshi ◽  
Abdulrahman Alruban ◽  
David J. Walker

Network traffic classification is a vital task for service operators, network engineers, and security specialists to manage network traffic, design networks, and detect threats. Identifying the type/name of the applications that generate traffic is a challenging task as encrypted traffic becomes the norm for Internet communication. Therefore, relying on conventional techniques such as deep packet inspection (DPI) or port numbers is no longer effective. This paper proposes a novel set of flow-statistics-based features that may be used for classifying applications by leveraging machine learning algorithms, yielding high accuracy in identifying the type of applications that generate the traffic. The proposed features compute different timings between packets and flows. This work utilises tcptrace to extract features based on traffic burstiness and periods of inactivity (idle time) for the analysed traffic, followed by the C5.0 algorithm for determining the applications that generated it. The evaluation tests performed on a set of real, uncontrolled traffic indicated that the method has an accuracy of 79% in identifying the correct network application.

