Abstract

The fundamental task of Network Traffic Analysis is capturing and monitoring all network traffic (incoming and outgoing) on a local area network (LAN), together with the ability of the network analyzer to analyze that traffic and detect errors or any type of suspicious activity, such as intruders. The idea of this research is to use flexible packet filtering to filter the captured network traffic. The proposed packet inspection isolates the captured traffic by its source using a Traffic Source Separation (TSS) strategy; during the separation operation, each traffic signature is compared against the signatures stored in the system database using Traffic Signature Matching. The experimental results show that, by using a User Profile Filter (UPF) based on an SVM and examining the traffic signature, the total error produced by the traffic classifier is reduced to 0.5% and the traffic capturing speed is increased compared with the standard methods used by traffic analyzers.

Highlights

  • Network Traffic Analysis is the tool that allows users to monitor and view the details of network traffic

  • Our latest test was done in the same environment, but this time using our proposed method, which filters traffic using flexible packet filtering, separates the captured traffic by its source to enhance the classification operation, and uses the support vector machine algorithm to recognize anomalous attacks and construct a reliable user profile

  • Our system results appear as follows: almost all types of traffic were captured, and the traffic filtering speed over the number of captured traffic flows increased by up to 15% per minute compared with our previous method, which is the one used in the majority of network analyzers


Summary

Introduction

Network Traffic Analysis is the tool that allows users to monitor and view the details of network traffic. In this research we have merged the analyzed results of flexible packet filtering and the support vector machine algorithm in order to obtain a better classification of the captured network traffic and to detect anomalies. This method helps improve the ability of the network analyzer to determine whether the captured traffic is normal or exhibits anomalous behavior, with a very low expected false alarm rate. Most anomaly detection methods are limited to analyzing the entire traffic as one entity, which makes them unable to quantify individual network anomalies, and their validity suffers when many anomalous activities occur simultaneously (John and Tafvelin, 2007).
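The pipeline the abstract and introduction describe (filter the captured traffic, separate it by source, then match each flow against a stored signature database before per-source classification) can be illustrated with a small example. The code below is an added illustration written for this page, not the paper's implementation: the `Flow` record, the `SIGNATURE_DB` entries, the sample flows and all IP addresses are constructed values, and the SVM-based User Profile Filter is not implemented; the per-source report it returns is the kind of per-source summary that such a classifier would consume instead of a single whole-traffic view.

```python
"""Added illustration (not the paper's code): flexible packet filtering,
Traffic Source Separation (TSS) and Traffic Signature Matching over a few
constructed flow records. Signatures and addresses are hypothetical."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Flow:
    """One captured flow, reduced to the fields the example needs (constructed)."""
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes


# Constructed stand-in for the "system database" of stored signatures:
# name -> (transport protocol, byte pattern expected in the payload).
SIGNATURE_DB: Dict[str, Tuple[str, bytes]] = {
    "http-clear-basic-auth": ("tcp", b"Authorization: Basic"),
    "smb-probe": ("tcp", b"\xffSMB"),
    "dns-bulk-txt": ("udp", b"\x00\x10\x00\x01"),
}


def packet_filter(flows: List[Flow], allowed_protos=("tcp", "udp")) -> List[Flow]:
    """Flexible packet filter: keep only flows on protocols the analyzer inspects."""
    return [f for f in flows if f.proto in allowed_protos]


def separate_by_source(flows: List[Flow]) -> Dict[str, List[Flow]]:
    """TSS step: group flows by their source address instead of one traffic blob."""
    groups: Dict[str, List[Flow]] = defaultdict(list)
    for f in flows:
        groups[f.src].append(f)
    return dict(groups)


def match_signatures(flow: Flow) -> List[str]:
    """Traffic Signature Matching: names of stored signatures present in this flow."""
    return [
        name
        for name, (proto, pattern) in SIGNATURE_DB.items()
        if flow.proto == proto and pattern in flow.payload
    ]


def analyse(flows: List[Flow]) -> Dict[str, dict]:
    """Filter, separate by source, then count signature hits per source."""
    report: Dict[str, dict] = {}
    for src, group in separate_by_source(packet_filter(flows)).items():
        hits: Dict[str, int] = {}
        for f in group:
            for name in match_signatures(f):
                hits[name] = hits.get(name, 0) + 1
        report[src] = {"flows": len(group), "signature_hits": hits}
    return report


def flagged_sources(report: Dict[str, dict]) -> List[str]:
    """Sources with at least one signature hit (candidates for further review)."""
    return sorted(src for src, r in report.items() if r["signature_hits"])


# Constructed sample capture: two hosts, one ICMP flow the filter drops.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "10.0.0.1", "tcp", 80,
         b"GET / HTTP/1.1\r\nAuthorization: Basic dXNlcjpwYXNz\r\n"),
    Flow("10.0.0.5", "10.0.0.9", "tcp", 445, b"\x00\x00\x00\x85\xffSMBr\x00"),
    Flow("10.0.0.7", "10.0.0.1", "udp", 53, b"\x12\x34\x01\x00\x00\x01\x00\x00"),
    Flow("10.0.0.7", "10.0.0.1", "icmp", 0, b"\x08\x00"),
    Flow("10.0.0.5", "10.0.0.9", "tcp", 445, b"\x00\x00\x00\x85\xffSMBr\x00"),
]

if __name__ == "__main__":
    rep = analyse(SAMPLE_FLOWS)
    for src, r in rep.items():
        print(src, r)
    print("flagged:", flagged_sources(rep))
```

Because the signature counts are kept per source, a host that generates many matching flows stands out even while other hosts are quiet, which is the per-source visibility the introduction says whole-traffic methods lack.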

