
SCALABLE NETWORK TRAFFIC ANALYSIS AND ATTACKER DETECTION


Abstract

A system for scalable network traffic analysis and attacker detection comprising: a traffic collector configured to collect large volumes of network traffic data; a query engine that converts the captured traffic from PCAP file format into CSV format; a Hadoop cluster unit that stores the network traffic data and produces datasets from it; a packet classifier configured to classify packets in order to detect anomalies; a loader unit that detects threat signatures; and a tracing unit, coupled to the packet classifier and the loader unit, that determines the geographical location of an attacker using digital maps. The packet classifier includes a machine learning algorithm that constructs a classifier model, and traffic behavior is predicted from the constructed model. The machine learning algorithm is at least one of k-nearest neighbours (KNN), support vector machines (SVM) and local outlier factor (LOF). Because it combines signature-based and anomaly-based detection techniques, the proposed system detects both known attacks and novel ones.
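The two-stage pipeline the abstract describes, as an added, self-contained example written for this page (it is not the patent's implementation and makes no claim about how the patented system is built). The constructed flow records stand in for the CSV that the query engine would derive from a PCAP; the column layout, the regex signature rules, the per-source features, the min-max scaling, the LOF parameters (k=2, threshold 2.0) and the IP-to-location table are all assumptions made here. LOF is implemented from its textbook definition so the block runs offline with the standard library only; a Hadoop-scale deployment would replace the in-memory lists with distributed datasets.

```python
"""Miniature signature + anomaly (LOF) detection over constructed flow records.

Example code written for this page, not the patent's implementation. The CSV
layout, signatures, features, k, threshold and geo table are assumptions.
"""
import csv
import io
import math
import re
from collections import defaultdict

# Constructed flow records in the CSV layout assumed here (one row per flow).
FLOW_CSV = """src_ip,dst_ip,dst_port,packets,bytes,payload
10.0.0.5,10.0.0.20,443,12,8400,
10.0.0.6,10.0.0.20,443,10,7100,
10.0.0.7,10.0.0.20,80,10,6900,
10.0.0.8,10.0.0.20,80,10,7100,
10.0.0.9,10.0.0.20,443,13,9100,
198.51.100.4,10.0.0.20,80,4,2760,GET /item.php?id=1 UNION SELECT user FROM users
203.0.113.9,10.0.0.20,22,1,60,
203.0.113.9,10.0.0.20,23,1,60,
203.0.113.9,10.0.0.20,3389,1,60,
"""

# Assumed signature rules standing in for the loader unit.
SIGNATURES = {
    "sql-injection": re.compile(r"(?i)\bunion\s+select\b"),
    "xss": re.compile(r"(?i)<script\b"),
}

# Constructed IP-to-location table standing in for the digital-map lookup.
GEO_TABLE = {
    "198.51.100.4": ("Example-Net A", 48.86, 2.35),
    "203.0.113.9": ("Example-Net B", 35.68, 139.69),
}

def load_flows(text):
    return list(csv.DictReader(io.StringIO(text)))

def signature_hits(flows):
    """Signature stage: map each source IP to the rule names its payloads matched."""
    hits = defaultdict(set)
    for f in flows:
        for name, rx in SIGNATURES.items():
            if rx.search(f["payload"]):
                hits[f["src_ip"]].add(name)
    return dict(hits)

def per_source_features(flows):
    """Aggregate flows per source IP into (distinct destination ports, bytes per packet)."""
    ports, packets, nbytes = defaultdict(set), defaultdict(int), defaultdict(int)
    for f in flows:
        ports[f["src_ip"]].add(f["dst_port"])
        packets[f["src_ip"]] += int(f["packets"])
        nbytes[f["src_ip"]] += int(f["bytes"])
    return {ip: (len(ports[ip]), nbytes[ip] / packets[ip]) for ip in ports}

def min_max_scale(vectors):
    """Scale every feature column to [0, 1] so no single unit dominates the distance."""
    cols = list(zip(*vectors))
    lo = [min(c) for c in cols]
    rng = [(max(c) - min(c)) or 1.0 for c in cols]
    return [tuple((x - l) / r for x, l, r in zip(v, lo, rng)) for v in vectors]

def local_outlier_factor(points, k=2):
    """Textbook LOF: neighbours' local reachability density over the point's own."""
    n = len(points)
    dist = [[math.dist(p, q) for q in points] for p in points]
    k_dist, nbrs = [], []
    for i in range(n):
        kd = sorted(dist[i][j] for j in range(n) if j != i)[k - 1]  # k-th nearest
        k_dist.append(kd)
        nbrs.append([j for j in range(n) if j != i and dist[i][j] <= kd])  # ties included
    lrd = []
    for i in range(n):
        reach = sum(max(k_dist[j], dist[i][j]) for j in nbrs[i])  # reachability distances
        lrd.append(len(nbrs[i]) / max(reach, 1e-12))
    return [sum(lrd[j] for j in nbrs[i]) / len(nbrs[i]) / lrd[i] for i in range(n)]

def anomaly_hits(flows, k=2, threshold=2.0):
    """Anomaly stage: LOF over per-source features; returns {ip: lof} above threshold."""
    feats = per_source_features(flows)
    ips = list(feats)
    scores = local_outlier_factor(min_max_scale([feats[ip] for ip in ips]), k)
    return {ip: round(s, 2) for ip, s in zip(ips, scores) if s > threshold}

def trace(ip):
    """Tracing stage: resolve an attacker IP to a map location, or None when unknown."""
    return GEO_TABLE.get(ip)

def detect(text=FLOW_CSV):
    """Run both stages and return one report per suspicious source IP."""
    flows = load_flows(text)
    report = {}
    for ip, names in signature_hits(flows).items():
        report.setdefault(ip, {})["signatures"] = sorted(names)
    for ip, score in anomaly_hits(flows).items():
        report.setdefault(ip, {})["lof"] = score
    for ip in report:
        report[ip]["location"] = trace(ip)
    return report

if __name__ == "__main__":
    for ip, info in detect().items():
        print(ip, info)
```

On this input the SQL injection host is volumetrically indistinguishable from the five normal clients and is caught only by the signature stage, while the port scanner carries no signature-matching payload and is caught only by LOF (the scaled distance from its single-packet, multi-port profile to the client cluster gives it a factor far above 1). That complementarity is the point the abstract makes about combining the two techniques; note that the anomaly stage only works because the features were scaled, and that a real deployment must choose the normal baseline and threshold from its own traffic rather than from a handful of rows.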
