08-03-2011, 04:23 PM
Statistical Techniques for Detecting Traffic Anomalies Through Packet Header Data
ABSTRACT
This project proposes a traffic anomaly detector, operated in postmortem and in real-time, by passively monitoring packet headers of traffic. The frequent attacks on network infrastructure, using various forms of denial of service attacks, have led to an increased need for developing techniques for analyzing network traffic.
If efficient analysis tools were available, it could become possible to detect attacks and anomalies and to take action to contain them appropriately before they have had time to propagate across the network.
In this project, we suggest a technique for traffic anomaly detection based on analyzing the correlation of destination IP addresses in outgoing traffic at an egress router. The address correlation data are transformed using the discrete wavelet transform for effective detection of anomalies through statistical analysis.
Results from trace-driven evaluation suggest that the proposed approach could provide an effective means of detecting anomalies close to the source. We also present a multidimensional indicator using the correlation of port numbers and the number of flows as a means of detecting anomalies.
SYSTEM REQUIREMENTS
HARDWARE SPECIFICATION
Processor Type : Pentium IV
Speed : 2.4 GHz
RAM : 1 GB RAM
Hard disk : 160 GB HD
SOFTWARE SPECIFICATION
Operating System : Windows XP Service Pack 2
Programming Package : Visual Studio .NET 2008
Front End : ASP.NET, C#
.NET Framework : 3.5
Server : IIS Server
EXISTING SYSTEM
The older system uses an Intrusion Detection System (IDS) and some firewalls. This is the main drawback of the system. It also uses packet filtering and packet marking, which are its two main features. With packet filtering we can filter only packet-shaped messages. With packet marking we cannot get some special kinds of messages. These are the drawbacks of the system. It also uses ICMP traceback messages, with which we can get proper trace-out messages.
Disadvantage:
Due to the variations in bandwidth, latency and loss rate on different channels, link striping suffers from packet reordering, thereby adversely affecting the performance of any QoS-concerned applications. Hardware-based solutions often prolong transmission latency, which is undesirable for delay-sensitive applications, and are restricted by the available buffer space on the device. To address all these drawbacks, we use the new system.
PROPOSED SYSTEM
In this proposed system we use the attacker spoofs bread crumbs. Older versions had some problems sending messages. Using the spoofs and crumbs, we can get the messages clearly and securely. The system also provides authentication for users. This system is more efficient and secure.
We then use cheap digital signatures for the bread crumbs. Using the digital signatures, we can increase the security level of getting the messages. The client sends a request to the server, and the server then gets the message from the server clearly. Using the above steps, we can get clear and secret messages.
We first propose a sequence preserving scheduling (SPS) scheme to schedule packets among multiple heterogeneous communication channels, assuming that the workload is perfectly divisible. We analyze the throughput and derive expressions for the batch size, scheduling time and the maximum number of channels that can be supported by the sender and receiver.
Advantage:
To effectively schedule variable-length packets for link striping, we propose a packetized sequence preserving scheduling (P-SPS) scheme that applies a combined packetized technique of deficit round robin (DRR) and surplus round robin (SRR).
MODULES
Node creation
Node communication
Shortest path finding to implement
Sender module
Packet scheduling module
Applying divisible load theory
Receiver module
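
The detection idea in the abstract (correlate destination addresses across sampling intervals, wavelet-transform the correlation signal, flag statistical outliers) is sketched below as an added example; it is not code from the project. The cosine-similarity correlation measure, the single-level Haar transform, the median/MAD threshold with its `k` and `floor` parameters, and the sample trace are all assumptions made for illustration.

```python
import math
from collections import Counter
from statistics import median

def address_correlation(prev, cur):
    """Cosine similarity of two intervals' destination-address histograms (assumed measure)."""
    a, b = Counter(prev), Counter(cur)
    dot = sum(a[ip] * b[ip] for ip in a)
    norm = math.sqrt(sum(v * v for v in a.values())) * math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def haar_step(signal):
    """One level of the Haar DWT: returns (approximation, detail) coefficients."""
    pairs = list(zip(signal[0::2], signal[1::2]))
    r = math.sqrt(2)
    return [(x + y) / r for x, y in pairs], [(x - y) / r for x, y in pairs]

def detect(intervals, k=5.0, floor=0.05):
    """Return (first, last) interval index ranges whose detail coefficient is an outlier."""
    signal = [address_correlation(p, c) for p, c in zip(intervals, intervals[1:])]
    signal = signal[: len(signal) - len(signal) % 2]   # Haar needs an even length
    _, detail = haar_step(signal)
    med = median(detail)
    mad = median(abs(d - med) for d in detail)
    # Robust threshold; the floor keeps a perfectly steady baseline (MAD = 0) quiet.
    limit = max(k * 1.4826 * mad, floor)
    # detail[i] covers signal[2i..2i+1], i.e. intervals 2i..2i+2
    return [(2 * i, 2 * i + 2) for i, d in enumerate(detail) if abs(d - med) > limit]

def sample_trace():
    """Constructed trace: 17 intervals, flood towards one address in intervals 9-12."""
    trace = []
    for j in range(17):
        dsts = (["10.0.0.1"] * 5 + ["10.0.0.2"] * 4 + ["10.0.0.3"] * 3
                + ["10.0.0.4"] * (2 + j % 2))
        if 9 <= j <= 12:
            dsts += ["203.0.113.9"] * 200   # constructed flood target
        trace.append(dsts)
    return trace

if __name__ == "__main__":
    print(detect(sample_trace()))
```

The correlation stays high while the flood is in progress because consecutive attack intervals resemble each other, so the detail coefficients mark the onset and the end of the flood rather than its whole duration.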