Intrusion Detection System


Graphical Detection of Network Traffic Anomalies

Abstract

An Intrusion Detection System (IDS) is now an important part of every networking infrastructure. It needs to be incorporated into every infrastructure, big or small, to make sure that the network is secured from intruders. Any activity that is harmful to the network should be avoided. An IDS works mainly on two kinds of techniques: signature-based and anomaly-based. Each technique has its own pros and cons. Extensive research and work is being done in this domain of networking. This paper also discusses them in detail.

Introduction

The Internet is the fastest growing domain in the present world. It is the most easily accessible search platform for knowledge seekers. With its ever-increasing size, the problems of complexity and security are increasing at an even greater speed. This domain attracts hackers the most. While people are benefiting from the Internet, their concerns for the security and safety of their networks are also increasing at an unprecedented rate.

Thus, an efficient and robust system to detect anomalous behaviour of network traffic has become an essential part of every system. For this purpose, intrusion detection and prevention systems have been developed. These are defence systems that detect undesirable intruders and protect networks from them and from hostile activities. Their core task is to identify all abnormal activities, that is, activities deviating from the baseline, encountered by the systems. Not all of these activities or accesses are necessarily harmful, but to keep systems on the safe side, these systems are incorporated into the infrastructure of all networks.

Since every domain related to the Internet is advancing at an exceptional rate, attacking and hacking techniques are advancing too. Many tools have been introduced that make the task of intruding easy. Therefore, security systems have to be more robust to provide effective countermeasures against these activities.



Network Traffic Anomalies

A network traffic anomaly is a deviation of the network traffic from its routine pattern. It is necessary to detect such patterns in order to make sure that the system is not being attacked by a harmful intruder. Network traffic has been studied for this purpose. Incorporating such systems to monitor routers and switches for anomalous traffic is an essential part of any networking infrastructure. These systems adopt specific policies, and threshold levels are defined for them so that any anomalous activity is detected on the spot.
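The baseline-and-threshold idea described above, as an added example that is not part of the original paper: it flags measurement intervals whose traffic rate deviates from a rolling baseline by more than a defined threshold. The median/MAD baseline, the parameter names and values, and the sample rates are assumptions chosen for illustration.

```python
from collections import deque
from statistics import median


def detect_anomalies(samples, window=8, threshold=4.0, min_mad=1.0):
    """Return (index, value, score) for samples that deviate from the baseline.

    Baseline  = median of the last `window` samples that were not flagged.
    Spread    = median absolute deviation (MAD) of that window, floored at
                `min_mad` so a perfectly flat baseline cannot divide by zero
                or alert on a one-unit change.
    Threshold = number of MADs a sample may sit from the baseline.
    """
    baseline = deque(maxlen=window)
    alerts = []
    for i, value in enumerate(samples):
        if len(baseline) == window:  # only score once a full baseline exists
            centre = median(baseline)
            mad = max(median(abs(v - centre) for v in baseline), min_mad)
            score = abs(value - centre) / mad
            if score > threshold:
                alerts.append((i, value, round(score, 1)))
                continue  # keep anomalous traffic out of the baseline
        baseline.append(value)
    return alerts


# Constructed sample: packets per second, one value per one-minute interval.
# Intervals 9-10 model a sudden surge, interval 13 a near-total drop.
TRAFFIC = [120, 118, 125, 122, 119, 121, 124, 120,
           123, 950, 990, 122, 119, 5, 121]

if __name__ == "__main__":
    for index, value, score in detect_anomalies(TRAFFIC):
        print(f"interval {index}: {value} pps, {score} MADs from baseline")
```

Flagged intervals are excluded from the baseline so that a sustained surge does not gradually become the new "routine pattern"; a deliberate operational change would instead require re-learning the baseline.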

This is necessary because the sooner a problem is detected, the better and more quickly it is solved. These traffic anomalies are identified on two bases: by similarities or by differences. Network traffic has invariant characteristics and, based on these, network traffic anomalies are divided into groups. Network operation anomalies include significant changes in traffic behaviour caused by changes in the operation of the system. These anomalies occur when the configuration settings are altered, such as when rate limits are changed or some new devices are ...