8/7/2019 First Review Clustering
An Efficient Clustering Scheme to Exploit Hierarchical Data in Network Traffic Analysis

Abstract
There is a significant need to improve existing techniques for clustering multivariate network traffic flow records and quickly infer underlying traffic patterns.
We investigate the use of clustering techniques to identify interesting traffic patterns from network traffic data in an efficient manner.
A framework is developed to deal with mixed-type attributes, including numerical, categorical, and hierarchical attributes.
We demonstrate the improved accuracy and efficiency of our approach in clustering network traffic.

Existing System
Categorization-based network monitoring (Auto Focus) techniques
Traffic matrix
Traffic volume
Traffic dynamics
Traffic mixture

Disadvantages
It does not have hierarchical classification
DoS attackers cannot be found
No notification of any violation

Proposed System
Hierarchical, distance-based clustering scheme (Echidna).
To summarize the main types of traffic flows that are observed in a network.
Introduction of a new distance measure for hierarchically structured attributes such as IP addresses and a set of heuristics.
Summarize and compress reports of significant traffic clusters from a hierarchical clustering algorithm.

Advantages
It has system-based hierarchical classification
Efficient network traffic monitoring
Inference of underlying patterns for multivariate traffic flows
It identifies DoS attacks

Requirement Analysis
SOFTWARE REQUIREMENTS:
Java 1.3 or more
Java Swing front end
SQL back end
Windows 98 or more
HARDWARE REQUIREMENTS:
Hard disk : 40 GB
RAM : 265 MB or more
Processor : Pentium III processor or more

Modules
Tree construction
Traffic analysis
System classification
Network management

Modules Description
Tree construction
In this module we construct a tree-based topology of individual nodes. The tree consists of a number of nodes in hierarchical order, i.e. root node, parent nodes and child nodes. This topology is what enables our transmission of messages. We cluster the tree topology based on the hierarchy level. Each node's IP address, port and cluster-level details are collected and maintained in the network monitoring system.
Traffic analysis
In this module we analyze the traffic and classify it according to its attributes. This is done by an initial analysis of the overall network traffic, which is classified into 3 types: numerical data, categorical data and hierarchical data. Source IP and destination IP are hierarchical attributes, byte details are numerical attributes, and the type of protocol and message type are categorical attributes.
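The following Python example is added here to illustrate the three attribute types listed above; it is not code from the original slides or from the Echidna authors. The prefix-based IP distance, the equal attribute weights, MAX_BYTES, the 0.15 threshold, the single-pass leader clustering and the sample flows are all assumptions made for the example.

```python
import ipaddress
from collections import namedtuple

# Constructed flow record: src/dst hierarchical, proto categorical, nbytes numerical.
Flow = namedtuple("Flow", "src dst proto nbytes")
MAX_BYTES = 10_000  # assumed normalisation range for the byte count

def ip_int(ip):
    return int(ipaddress.IPv4Address(ip))

def ip_distance(a, b):
    # Assumed hierarchical measure: longer shared prefix -> smaller distance (0..1).
    return (ip_int(a) ^ ip_int(b)).bit_length() / 32

def flow_distance(f, g):
    parts = [ip_distance(f.src, g.src), ip_distance(f.dst, g.dst),
             0.0 if f.proto == g.proto else 1.0,               # categorical
             min(abs(f.nbytes - g.nbytes) / MAX_BYTES, 1.0)]   # numerical
    return sum(parts) / len(parts)  # equal weights (assumption)

def leader_cluster(flows, threshold=0.15):
    # Single pass: a flow joins the first cluster whose leader is within threshold.
    clusters = []
    for f in flows:
        for members in clusters:
            if flow_distance(members[0], f) <= threshold:
                members.append(f)
                break
        else:
            clusters.append([f])
    return clusters

def common_prefix(ips):
    diff = 0
    for ip in ips:
        diff |= ip_int(ip) ^ ip_int(ips[0])
    plen = 32 - diff.bit_length()  # bits shared by every address in the cluster
    return str(ipaddress.ip_network(f"{ips[0]}/{plen}", strict=False))

def summarize(flows, threshold=0.15):
    rows = [(common_prefix([f.src for f in c]), common_prefix([f.dst for f in c]), len(c))
            for c in leader_cluster(flows, threshold)]
    return sorted(rows, key=lambda r: -r[2])  # largest cluster first

SAMPLE_FLOWS = [  # constructed data, not from the slides
    Flow("10.1.1.5", "192.168.5.10", "TCP", 60), Flow("10.1.1.9", "192.168.5.10", "TCP", 64),
    Flow("10.1.1.77", "192.168.5.10", "TCP", 60), Flow("172.16.4.2", "192.168.5.20", "UDP", 900),
    Flow("10.1.1.200", "192.168.5.10", "TCP", 62), Flow("172.16.4.3", "192.168.5.21", "UDP", 1100),
]
```

Calling summarize(SAMPLE_FLOWS) reports each cluster as a generalized source prefix, destination prefix and flow count, so many small flows from one subnet to a single host collapse into one line of the report.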
System classification
In this module we classify the systems in the network based on their cluster hierarchy. This is done using hierarchical data. If traffic occurs in the network, the monitoring system finds the attacker system by using this system classification. The source IP and port details identify the attacker system within the network. Data classification is done based on the system classification.
Network management
In this module we analyze the traffic flow in the network. The flow of data and the usage level of each node are monitored. Nodes are classified according to their usage and placed in the corresponding table. The higher-usage and lower-usage systems are marked. If traffic occurs in the network, the management system sends a warning message to the attacker system and also discards the DoS attacker's excess packets.

Architecture Diagram
[Figure: tree topology with a Root node and nodes N1, N2, N3, N4, N5 and N6; the network is monitored using the Echidna method.]

Data Flow diagram:
[Figure: Send the packets; Cluster the tree network; Monitor the network; Hierarchical, categorical, numerical classification; Check the packets on the network to avoid the DoS attack; Receiver receives the data.]