Successfully reported this slideshow.
Your SlideShare is downloading. ×

spatio final.ppt

Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad

Check these out next

1 of 26 Ad

More Related Content

Advertisement

spatio final.ppt

  1. 1. By Your name
  2. 2. ABSTRACT  Internet traffic anomaly detection mechanism  Large Deviations Results For Empirical Measures  Traffic over short time intervals to which we will refer to as time buckets
  3. 3.  we continuously monitor traffic and employ large deviations and decision theory results  In this our framework can be used to monitor traffic from multiple network elements in order to identify both spatial and temporal anomalies Contd..
  4. 4. EXISTING SYSTEM  Significant progress has been made in network monitoring instrumentation  Automated on-line traffic anomaly detection is still a missing component of modern network security  Signature-based anomaly detection where known patterns of past anomalies are used to identify on going anomalies.  Anomaly detection which identifies patterns that substantially deviate from normal patterns of operation.
  5. 5. Demerits  Still a missing component of modern network security  Packet loss  Traffic increase  Time latency
  6. 6. PROPOSED SYSTEM  Statistical methods are used to assess deviations from normal operation.  Our main contribution is the introduction of a new statistical traffic anomaly detection framework .  Identifying deviations of the empirical measure of some underlying stochastic process characterizing system behavior.  we are not trying to characterize the abnormal operation, mainly because it is too complex to identify all the possible anomalous instances
  7. 7. Contd..  we continuously monitor the system to identify time instances where system behavior does not appear to be normal.  we propose two methods to characterize normal behavior.  A model-free approach employing the method of types to characterize the type of an independent and identically distributed sequence of appropriately averaged system activity.  A model-based approach where system activity is modeled using a markov modulated process (MMP)
  8. 8. Markov Modulated Process  MMP approaches can work with vector characterizations and identify spatio-temporal anomalies  Markovian structure as it is tractable and has been shown to represent traffic well  At least for the purpose of estimating distribution- dependent metrics like loss probabilities packets
  9. 9. HARDWARE REQUIREMENT System : Pentium IV 2.4 GHz. Hard Disk : 40 GB. Ram : 256 Mb. Floppy Drive : 1.44 Mb. Monitor : 15 VGA Color. Mouse : Logitech.
  10. 10. SOFTWARE REQUIREMENT Operating system : Windows XP Professional.  Coding Language : Java.  Tool Used : Eclipse.
  11. 11. MODULES  System model  Model-free approach  Model Based Markov modulated process  Graphical process
  12. 12. System model  We design the client and server  The server will used to select the minimum traffic path  Client used to communicated with the sever for transform the data  We used MMP model on sever side to reduced the anomaly in the network in less time
  13. 13. Model-free approach  Detect temporal network anomalies  We assume that the traffic trace we monitor (in bits/bytes/packets/ flows per time unit), corresponding to a specific time-of-day interval  Temporal correlations tend to become weaker over longer time intervals
  14. 14. Model Based Markov modulated process  It increases the response time to an anomaly since data is being processed on the slower time-scale of time buckets  Once we obtain the MMP model from an anomaly-free trace we are interested  comparing ongoing traffic activity to the model in order to identify potential deviations
  15. 15. Graphical process  We represent the anomaly detection over the IP that will show on graph  Graph process of MMP model  To reduced the traffic over the network  And reduced the time latency
  16. 16. DATA FLOW DIAGRAM(DFD)
  17. 17. Merits  Detection Rate  Anomalies identified by the algorithm to the total number of existing anomalies  False Alarms are erroneous anomaly decisions.
  18. 18. Conclusion
  19. 19. Future enhancement  Interesting to analyze the robustness of the anomaly detection mechanism to various model parameters  Investigate how it can be embedded on routers or other network devices
  20. 20. Appendix
  21. 21. Screen shot
  22. 22. Reference  M. Roesch, “Snort—Lightweight intrusion detection for networks,” in LISA ’99: Proc. 13th USENIX Conf. System Administration, Seattle, WA, Nov. 1999, pp. 229–238.  V. Paxson, “Bro: A system for detecting network intruders in realtime,” Computer Networks, vol. 31, no. 23–24, pp. 2435–2463, 1999.  P. Barford, J. Kline, D. Plonka, and A. Ron, “A signal analysis of network traffic anomalies,” in Proc. ACM SIGCOMM Workshop on Internet Measurement, Marseille, France, Nov. 2002, pp. 71–82.  R. Lippmann, J. W. Haines, D. J. Fried, J. Korba, and K. Das, “The 1999 DARPA off-line intrusion detection evaluation,” Computer Networks, vol. 34, no. 4, pp. 579–595, 2000
  23. 23.  Query

×