Detecting an Anomaly Behavior through Enhancing the Mechanism of Packet Filtering
- 1 University Putra Malaysia, Malaysia
Abstract
The fundamental task of the Network Traffic Analysis is the ability of capturing and monitoring all the network traffics (incoming and outgoing) for local area network LAN and how the network analyzer is able to analyze and detect errors or any type of suspicious activities such as intruders. The idea of this research is to use flexible packet filtering to filter out the captured network traffics. The proposed packet inspection will isolate the captured traffics based on their source using traffic source separation ‘TSS’ strategy, during the separation operation the traffic signature will be examined with the stored signatures of the system database using Traffic Signature Matching. The experiment results shows that by using a User Profile Filter (UPF) that will be based on SVM and examining the traffic signature, the total of error received from the traffic classifier has been reduced to 0.5% and the traffic capturing speed has been increased in comparing with the standard methods of the traffic analyzers.
DOI: https://doi.org/10.3844/jcssp.2015.784.793
Copyright: © 2015 Mohammed Nazeh Abdul Wahid and Azizol Abdullah. This is an open access article distributed under the terms of the
Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
- 3,045 Views
- 2,209 Downloads
- 0 Citations
Download
Keywords
- Network Traffic Analysis
- Packet Filtering
- Anomaly Detection
- User Profile Filter
- Support Vector Machine
- Traffic Signature Matching