4 research outputs found

    Outlier Detection Mechanism for Ensuring Availability in Wireless Mobile Networks Anomaly Detection

    Finding things that are significantly different from, incomparable with, and inconsistent with the majority of data in many domains is the focus of the important research problem of anomaly detection. A noteworthy research problem has recently been illuminated by the explosion of data that has been gathered. This offers brand-new opportunities as well as difficulties for anomaly detection research. The analysis and monitoring of data connected to network traffic, weblogs, medical domains, financial transactions, transportation domains, and many more are just a few of the areas in which anomaly detection is useful. An important part of assessing the effectiveness of mobile ad hoc networks (MANET) is anomaly detection. Due to difficulties in the associated protocols, MANET has become a popular study topic in recent years. No matter where they are geographically located, users can connect to a dynamic infrastructure using MANETs. Small, powerful, and affordable devices enable MANETs to self-organize and expand quickly. Using an outlier detection approach, the proposed work provides cryptographic property and availability for an RFID-WSN integrated network with node counts ranging from 500 to 5000. The detection ratio and anomaly scores are used to measure the system's resistance to outliers. The suggested method uses anomaly scores to identify outliers and provide defence against DoS attacks. The proposed method has been shown to detect intruders in a matter of milliseconds without interfering with authorised users' privileges. Throughput is improved by at least 6.8% using the suggested protocol, while Packet Delivery Ratio (PDR) is improved by at least 9.2% and by as much as 21.5%.

    A Novel Feature Set for Application Identification

    Classifying Internet traffic into applications is vital to many areas, from quality of service (QoS) provisioning to network management and security. The task is challenging as network applications are rather dynamic in nature, tend to use a web front-end and are typically encrypted, rendering traditional port-based and deep packet inspection (DPI) methods unusable. Recent classification studies proposed two alternatives: using the statistical properties of traffic or inferring the behavioural patterns of network applications, both aiming to describe the activity within and among network flows in order to understand application usage and behaviour. The aim of this paper is to propose and investigate a novel feature to define application behaviour as seen through the generated network traffic by considering the timing and pattern of user events during application sessions, leading to an extended traffic feature set based on burstiness. The selected features were further used to train and test a supervised C5.0 machine learning classifier and led to a better characterization of network applications, with a traffic classification accuracy ranging between 90% and 98%.

    Profiling and Identification of Web Applications in Computer Network

    Characterising network traffic is a critical step for detecting network intrusion or misuse. The traditional way to identify the application associated with a set of traffic flows uses port number and DPI (Deep Packet Inspection), but it is affected by the use of dynamic ports and encryption. The research community proposed models for traffic classification that determined the most important requirements and recommendations for a successful approach. The suggested alternatives could be categorised into four techniques: port-based, packet payload based, host behavioural, and statistical-based. The traditional way of identifying traffic flows typically focuses on using IANA assigned port numbers and deep packet inspection (DPI). However, an increasing number of Internet applications nowadays frequently use dynamic port assignments and encrypted data traffic, rendering these techniques ineffective in achieving real-time traffic identification. In recent years, two other techniques have been introduced, focusing on host behaviour and statistical methods, to avoid these limitations. The former technique is based on the idea that hosts generate different communication patterns at the transport layer; by extracting these behavioural patterns, activities and applications can be classified. However, it cannot correctly identify the application names, classifying both Yahoo and Gmail as email. Studies have therefore focused on using a statistical features approach for identifying traffic associated with applications based on machine learning algorithms. This method relies on characteristics of IP flows, minimising the overhead limitations associated with other schemes. Classification accuracy of statistical flow-based approaches, however, depends on the discrimination ability of the traffic features used. NetFlow represents the de-facto standard in monitoring and analysing network traffic, but the information it provides is not enough to describe the application behaviour.
    The primary challenge is to describe entirely the activity within and among network flows to understand application usage and user behaviour. This thesis proposes novel features to describe precisely a web application's behaviour in order to segregate various user activities. Extracting the most discriminative features, which characterise web applications, is key to gaining higher accuracy without being biased by either users or network circumstances. This work investigates novel and superior features that characterise the behaviour of an application based on the arrival timing of packets and flows. As part of describing the application behaviour, the research considered the on/off data transfer, defining characteristics for many typical applications, and the amount of data transferred or exchanged. Furthermore, the research considered timing and patterns for user events as part of a network application session. Using an extended set of traffic features output from traffic captures, a supervised machine learning classifier was developed. To this effect, the present work customised the popular tcptrace utility to generate classification features based on traffic burstiness and periods of inactivity for everyday Internet usage. A C5.0 decision tree classifier is applied using the proposed features for eleven different Internet applications, generated by ten users. Overall, the newly proposed features reported a significant level of accuracy (~98%) in classifying the respective applications. Afterwards, uncontrolled data collected from a real environment for a group of 20 users while accessing different applications was used to evaluate the proposed features. The evaluation tests indicated that the method has an accuracy of 87% in identifying the correct network application. Iraqi cultural Attach