Abstract:
A variety of anomalies can exist in a network's traffic, e.g. physical network breakdown,
configuration changes, routing misconfigurations, maintenance, port scans, flash crowds,
and attacks such as flooding, malformed packets, and exploits. These anomalies result in
large volumes of unwanted network traffic (benign or malicious), which reduces the
effective capacity of a given network. It is a well-known observation that the volume of
unwanted network traffic, especially on the Internet, is constantly increasing. It is
important for network administrators and engineers to devise solutions for automatic
anomaly detection in network traffic. The tools for automatically detecting anomalies in
network traffic are commonly termed as the network Anomaly Detection Systems
(ADSs). Network ADSs are designed to model the benign state of a network and then flag
deviations from the baseline. Network ADSs have to work with an increasingly diverse
set of applications over networks such as data, voice, video, etc. The business of many
enterprises depends on providing and maintaining a reliable network. Their clients
demand a strict assurance that the network will meet the agreed reliability requirements.
For example, banks and other financial institutions carry out important e-business
transactions 24 hours a day, 7 days a week, and simply cannot afford any downtime. So, in
order to cater for all these and many more ever-changing situations, we need a reliable,
generic network anomaly detector which is dynamic and does not depend upon any static
assumption.
The important features of our proposed project are:
1. It is protocol/application independent
2. It operates directly on the network traffic stream and supports monitoring of
packets and flows
3. It leverages both spatial and temporal features from the network traffic
4. It uses an anomaly classifier that detects deviations from the baseline
5. Finally, an alarm is raised either in space (packet field listing) or in time (time
window labeling).
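The five features above describe an architecture rather than a concrete algorithm. The following is an added illustration (not code from the proposed project) of one minimal way to realise them: packets are bucketed into fixed time windows; each window yields temporal features (packet and byte volume) and spatial features (entropy of the destination-port and source-address distributions, which need no protocol parsing); a baseline is fitted as per-feature mean and standard deviation over clean training windows; later windows whose z-score exceeds a threshold are labeled in time, and the dominant packet field values of a flagged window are listed in space. The packet stream, the feature set, the 10-second window, the z-score threshold of 3 and the 10% standard-deviation floor are all assumptions of this example.

```python
"""Toy network anomaly detector: windowed baseline model with time-window labeling
and packet-field listing. Example code only; all parameters are assumptions."""
from collections import Counter, defaultdict
from dataclasses import dataclass
import math
import statistics


@dataclass(frozen=True)
class Packet:
    ts: float   # seconds since capture start
    src: str
    dst: str
    dport: int
    size: int   # bytes on the wire


WINDOW_S = 10.0          # assumed time window length
THRESHOLD = 3.0          # assumed |z-score| above which a feature deviates
REL_STD_FLOOR = 0.1      # assumption: floor std at 10% of the mean so that a
                         # near-constant baseline does not flag 1-packet jitter


def entropy_bits(counter):
    """Shannon entropy of a Counter's value distribution, in bits."""
    total = sum(counter.values())
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total) for c in counter.values())


def window_features(pkts):
    """Temporal features (volume per window) and spatial features (how packet
    field values are spread within the window). Protocol/application agnostic."""
    return {
        "pkts": float(len(pkts)),
        "bytes": float(sum(p.size for p in pkts)),
        "h_dport": entropy_bits(Counter(p.dport for p in pkts)),  # high: scan, low: flood
        "h_src": entropy_bits(Counter(p.src for p in pkts)),      # high: DDoS, low: single scanner
    }


def bucketize(packets, window_s=WINDOW_S):
    """Group packets by time window index, sorted by window."""
    buckets = defaultdict(list)
    for p in packets:
        buckets[int(p.ts // window_s)].append(p)
    return dict(sorted(buckets.items()))


def fit_baseline(feature_rows):
    """Per-feature (mean, std) over clean training windows; std is floored."""
    baseline = {}
    for name in feature_rows[0]:
        vals = [row[name] for row in feature_rows]
        mean, std = statistics.fmean(vals), statistics.pstdev(vals)
        baseline[name] = (mean, max(std, REL_STD_FLOOR * abs(mean), 1e-9))
    return baseline


def zscores(features, baseline):
    return {n: (features[n] - baseline[n][0]) / baseline[n][1] for n in features}


def field_listing(pkts, top=3):
    """Spatial alarm payload: the packet field values that dominate the window."""
    return {"src": Counter(p.src for p in pkts).most_common(top),
            "dport": Counter(p.dport for p in pkts).most_common(top)}


def detect(packets, train_windows=10, window_s=WINDOW_S, threshold=THRESHOLD):
    """Fit the baseline on the first `train_windows` windows (assumed clean) and
    classify every later window; returns one alarm per deviating window."""
    buckets = bucketize(packets, window_s)
    feats = {w: window_features(b) for w, b in buckets.items()}
    baseline = fit_baseline([feats[w] for w in feats if w < train_windows])
    alarms = []
    for w in feats:
        if w < train_windows:
            continue
        z = zscores(feats[w], baseline)
        deviating = sorted(((n, v) for n, v in z.items() if abs(v) > threshold),
                           key=lambda nv: -abs(nv[1]))
        if deviating:   # time-window label plus packet-field listing
            alarms.append({"window": w, "start_s": w * window_s, "end_s": (w + 1) * window_s,
                           "deviations": deviating, "fields": field_listing(buckets[w])})
    return alarms


# Constructed sample stream: 10 benign windows, a port scan, a benign window, a flood.
CLIENTS = ["10.0.0.11", "10.0.0.12", "10.0.0.13", "10.0.0.14"]
PORTS = [80, 443, 53, 22]


def benign_window(w, n):
    return [Packet(w * WINDOW_S + j * WINDOW_S / n, CLIENTS[j % 4], "10.0.0.5",
                   PORTS[j % 4], 200 + 100 * (j % 5)) for j in range(n)]


def sample_stream():
    pk = []
    for w in range(10):
        pk += benign_window(w, 20 + w % 3)
    # window 10: one source sweeps 40 destination ports (port scan)
    pk += [Packet(100 + j * 0.25, "203.0.113.9", "10.0.0.5", 1 + j, 60) for j in range(40)]
    pk += benign_window(11, 20)
    # window 12: 50 sources hammer port 80 (flood)
    pk += [Packet(120 + j * 0.05, f"198.51.100.{j % 50}", "10.0.0.5", 80, 60) for j in range(200)]
    return pk


if __name__ == "__main__":
    for a in detect(sample_stream()):
        print(f"window {a['window']} [{a['start_s']:.0f}s-{a['end_s']:.0f}s]:",
              [(n, round(z, 1)) for n, z in a["deviations"]], a["fields"])
```

The port-scan window is caught mainly by the jump in destination-port entropy and the flood mainly by packet volume, which is the point of combining spatial and temporal features: neither alone separates the two. The caveats a practitioner would add are that the baseline must be fitted on traffic known to be clean (an attacker present during training is learned as normal), that a fixed mean/std baseline does not follow daily or weekly seasonality and must be refitted or made sliding, and that the threshold and std floor trade false alarms against missed low-rate events.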