Study and analysis of network behaviour for anomaly detection

Abstract

The proposed work addresses the issues related to the network newlineintrusion and the mechanism to detect them. An intrusion is a set of sequence of newlineactions taken on a computer or network to affect the performance of the computer newlinein terms of its behavior in communication with the respect of the world. Intrusion newlinedetection is a set of tools and methods to distinguish illegal actions on the newlinecomputer system or network either available as software or hardware. An intrusion newlinedetection system (IDS) can detect various kinds of attacks in a network and host newlinecomputer. For detection, the system monitors network traffic in promiscuous newlinemode, and collects the traffic for the further analysis. Data that are collected from newlinevarious sources are analyzed and if malicious activity is detected, the intrusion newlinedetection system alerts the administrator and/or right stakeholders. The IDS is newlinebroadly classified into misuse detection, anomaly detection and the combination newlineof both. The detection can be done both at system and network level. The IDS can newlinebe deployed at one or more location as per the requirements. The Network IDS newline(NIDS) analyze the traffic in terms of where it emanates, destined to whom, size newlineof the traffic, duration of the session, what kind of applications, types of newlineconnection, header information. For any flow of traffic, it can be characterized by newlinewhether it is normal or abnormal. The statistical information about the traffic flow newlineis summarized as a record of data which is fed as input for the proposed NIDS. newlineAlready a set of benchmark data is made available in the form of dataset by the newlineresearchers in the network domain. newlineSome of the popular datasets are KDDCUP 99, NSL-KDD, newlineCICIDS2017, which we have chosen for our experimentation. Some of the attacks newlineencountered in the data flow includes Denial of Service Attack, User to Root newlineAttack, Remote to Local Attack, Probing or infiltration Attack, Brute Force newlineAttack, Heartbleed Attack, Distributed Denial of Service, and Web Attack. newline