First Review Clustering

  • 8/7/2019 First Review Clustering

    An Efficient Clustering Scheme to Exploit Hierarchical Data in Network Traffic Analysis

    Abstract

    There is a significant need to improve existing techniques for clustering multivariate network traffic flow records and to quickly infer underlying traffic patterns.

    We investigate the use of clustering techniques to identify interesting traffic patterns from network traffic data in an efficient manner.

    A framework is developed to deal with mixed-type attributes, including numerical, categorical, and hierarchical attributes.

    We demonstrate the improved accuracy and efficiency of our approach in clustering network traffic.

    Existing System

    Categorization-based network monitoring (Auto Focus) techniques

    Traffic matrix

    Traffic volume

    Traffic dynamics

    Traffic mixture

    Disadvantages

    It does not have hierarchical classification

    A DoS attacker cannot be found

    No notification of any violation

    Proposed System

    Hierarchical, distance-based clustering scheme (Echidna).

    To summarize the main types of traffic flows that are observed in a network.

    Introduction of a new distance measure for hierarchically structured attributes such as IP addresses and a set of heuristics.

    Summarize and compress reports of significant traffic clusters from a hierarchical clustering algorithm.

    Advantages

    It has system-based hierarchical classification

    Efficient network traffic monitoring

    Inference of underlying patterns for multivariate traffic flows

    It identifies DoS attacks

    Requirement Analysis

    SOFTWARE REQUIREMENTS:

    Java 1.3 or more

    Java Swing - front end

    SQL - back end

    Windows 98 or more

    HARDWARE REQUIREMENTS:

    Hard disk : 40 GB

    RAM : 265 MB or more

    Processor : Pentium III processor or more

    Modules

    Tree construction

    Traffic analysis

    System classification

    Network management

    Modules Description

    Tree construction

    In this module we construct a tree-based topology of individual nodes. The tree consists of a number of nodes in hierarchical order, i.e. root node, parent nodes and child nodes. With this topology we enable our transmission of messages. We cluster the tree topology based on the hierarchy level. Each node's IP address, port and cluster-level details are collected and maintained in the network monitoring system.

    Traffic analysis

    In this module we analyze the traffic and classify it according to its attributes. This is done by an initial analysis of the overall network traffic, and the traffic is classified into 3 types: numerical data, categorical data, and hierarchical data. Source IP and destination IP are hierarchical attributes, byte details are numerical attributes, and the type of protocol and the message type are categorical attributes.
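
    An added example (not code from the slides or from the Echidna authors) of one distance over the three attribute types named on the Proposed System and Traffic analysis slides, used to group and summarize flow records. The formulas are assumptions: hierarchical distance comes from the shared IPv4 prefix length, categorical distance is 0 or 1, numerical distance is a scaled difference. `Flow`, `flow_dist`, `cluster`, `summarize_src`, the radius, `byte_span` and the sample flows are constructed for illustration, and the single-pass leader clustering is a simple stand-in, not Echidna's algorithm.

```python
import ipaddress
from typing import NamedTuple

IP_BITS = 32  # depth of the IPv4 prefix hierarchy (assumption: IPv4 only)

class Flow(NamedTuple):
    src: str     # hierarchical attribute
    dst: str     # hierarchical attribute
    proto: str   # categorical attribute
    nbytes: int  # numerical attribute

def common_prefix_len(a, b):
    """Number of leading bits two IPv4 addresses share (0..32)."""
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return IP_BITS - diff.bit_length()

def hier_dist(a, b):  # assumed measure: 0 for the same host, 1 for no shared prefix
    return (IP_BITS - common_prefix_len(a, b)) / IP_BITS

def flow_dist(f, g, byte_span=10_000):
    """Mean of the per-attribute distances, each scaled to [0, 1]."""
    parts = (hier_dist(f.src, g.src), hier_dist(f.dst, g.dst),
             0.0 if f.proto == g.proto else 1.0,              # categorical: match or not
             min(abs(f.nbytes - g.nbytes) / byte_span, 1.0))  # numerical: scaled gap
    return sum(parts) / len(parts)

def cluster(flows, radius=0.25):
    """Single pass: a flow joins the first cluster whose leader is within radius."""
    clusters = []
    for f in flows:
        home = next((c for c in clusters if flow_dist(c[0], f) <= radius), None)
        if home is None:
            clusters.append(home := [])
        home.append(f)
    return clusters

def summarize_src(members):
    """Smallest source prefix that covers every flow in the cluster."""
    plen = min(common_prefix_len(members[0].src, f.src) for f in members)
    return str(ipaddress.ip_network(f"{members[0].src}/{plen}", strict=False))

# Constructed flow records (documentation address ranges).
FLOWS = [
    Flow("192.0.2.10", "198.51.100.5", "TCP", 1200),
    Flow("192.0.2.77", "198.51.100.5", "TCP", 1500),
    Flow("192.0.2.200", "198.51.100.5", "TCP", 900),
    Flow("203.0.113.9", "198.51.100.80", "UDP", 64),
    Flow("203.0.113.14", "198.51.100.80", "UDP", 64),
]
```

    Calling `cluster(FLOWS)` and then `summarize_src` on each group reports one source prefix per cluster instead of one line per flow, which is the kind of compressed report the Proposed System slide describes.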

    System classification

    In this module we classify the systems in the network based on their cluster hierarchy. This is done using hierarchical data. If traffic occurs in the network, the monitoring system finds the attacker system by using this system classification. Source IP and port details indicate the attacker system within the network. Data classification is done based on the system classification.

    Network management

    In this module we analyze the traffic flow in the network. The flow of data and the usage level of each node are monitored. The nodes are classified according to their usage and placed in the corresponding table. The higher-usage and lower-usage systems are marked. If traffic occurs in the network, the management system sends a warning message to the attacker system and also discards the DoS attacker's excess packets.
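
    An added sketch of the Network management step (not code from the slides): count packets per source in one monitoring window, place each source in a high-usage or low-usage table, discard packets beyond a per-source budget, and record a warning with the source IP and ports involved. `manage_window`, `budget`, `high_mark` and the sample window are assumptions, since the slides do not state how usage is measured or where the limits lie.

```python
from collections import defaultdict

def manage_window(packets, budget=5, high_mark=3):
    """Process one window of (src_ip, src_port, nbytes) packets.

    budget and high_mark are assumed thresholds in packets per window.
    Returns (forwarded packets, usage tables, warnings).
    """
    count = defaultdict(int)          # packets seen per source
    dropped_ports = defaultdict(list) # source ports of the discarded packets
    forwarded = []
    for src, port, nbytes in packets:
        count[src] += 1
        if count[src] > budget:       # excess packets of a flooding source
            dropped_ports[src].append(port)
        else:
            forwarded.append((src, port, nbytes))
    tables = {"high": [], "low": []}
    for src in sorted(count):
        tables["high" if count[src] >= high_mark else "low"].append(src)
    # One warning per offending source: (source IP, ports, packets discarded).
    warnings = [(src, sorted(ports), len(ports))
                for src, ports in sorted(dropped_ports.items())]
    return forwarded, tables, warnings

# Constructed window: one source sends 8 packets, two others stay within budget.
WINDOW = ([("192.0.2.50", 40000 + i, 60) for i in range(8)]
          + [("192.0.2.10", 5000, 512)] * 3
          + [("192.0.2.77", 5001, 512)])
```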

    Architecture Diagram

    [Figure: tree topology with a Root node and nodes N1, N2, N3, N4, N5, N6. Label: Monitor the network using the Echidna method.]

    Data Flow diagram:

    [Figure: Send the packets -> Cluster the tree network -> Monitor the network -> Hierarchical, categorical, numerical classification -> Check the packets on the network to avoid the DoS attack -> Receiver receives the data.]