30-07-2012, 02:46 PM
NETWORK TRAFFIC ANALYSIS & INTRUSION DETECTION USING PACKET SNIFFER PROTOCOL
INTRODUCTION:
History of Network Security
Network Security:
The area of network security consists of the provisions and policies adopted by the network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs to conduct transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, or open to public access. Network security is involved in organizations, enterprises, and all other types of institutions. It does as its title explains: it secures the network.
The terms network security and information security are often used interchangeably. Network security is generally taken as providing protection at the boundaries of an organization by keeping out intruders. Information security, however, explicitly focuses on protecting data resources from malware attack or simple mistakes by people within an organization by use of data loss prevention (DLP) techniques. One of these techniques is to compartmentalize large networks with internal boundaries.
Network security starts from authenticating the user, commonly with a username and a password. Since this requires just one thing besides the user name, i.e. the password, which is something you 'know', this is sometimes termed one-factor authentication. With two-factor authentication something you 'have' is also used (e.g. a security token or 'dongle', an ATM card, or your mobile phone), and with three-factor authentication something you 'are' is also used (e.g. a fingerprint or retinal scan).
Existing System:
• Existing system does not support real-time monitoring of the network traffic based on protocol type.
• Existing system does not have a real-time interface with the hardware in order to filter the packet information.
• Existing system does not support a backup process for packet information for further analysis.
• Existing system does not use WinPcap, the industry-standard Win32 programming library, to interface with the hardware.
• Existing system has limited buffer space for retrieving packets in real time network.
• Existing system does not support application layer packet information.
Proposed System:
• Proposed system supports real-time monitoring of the network traffic for any type of protocol version.
• This system uses packet filtering information.
• This system backs up captured packet information for further analysis.
• This system uses the standard library WinPcap to interface with the hardware.
• This system uses unlimited buffer space for retrieving packets in network.
• This system captures application layer packet information efficiently.
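The core of the proposed system (classifying captured frames by protocol, guessing the application layer, filtering, and backing packets up for later analysis) can be sketched as follows. This is an added Python example, not the project's own code: the function names, the port table and the sample frames are assumptions, and frames are built in memory instead of being captured through WinPcap.

```python
import struct
from collections import Counter

IP_PROTOS = {1: "ICMP", 6: "TCP", 17: "UDP"}
APP_PORTS = {53: "DNS", 80: "HTTP", 443: "HTTPS"}  # port-based guess, a heuristic

def make_frame(proto, sport=0, dport=0):
    """Build a constructed Ethernet+IPv4 sample frame (checksums left at zero)."""
    if proto == 6:      # TCP: 20-byte header with the SYN flag set
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    elif proto == 17:   # UDP: 8-byte header, empty payload
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    else:               # anything else: ICMP echo request body
        l4 = struct.pack("!BBHHH", 8, 0, 0, 1, 1)
    ip = struct.pack("!BBHHHBBHII", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     0x0A000005, 0x0A000001)   # 10.0.0.5 -> 10.0.0.1
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + l4

def classify(frame):
    """Return (IP protocol name, application guess or None) for one frame."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return ("non-IPv4", None)
    ihl = (frame[14] & 0x0F) * 4                # IPv4 header length in bytes
    if ihl < 20 or len(frame) < 14 + ihl:
        return ("malformed", None)
    proto, l4 = frame[23], frame[14 + ihl:]
    name = IP_PROTOS.get(proto, f"IP-{proto}")
    if proto in (6, 17) and len(l4) >= 4:       # ports are the first 4 bytes
        sport, dport = struct.unpack("!HH", l4[:4])
        return (name, APP_PORTS.get(dport) or APP_PORTS.get(sport))
    return (name, None)

def write_pcap(frames):
    """Back up frames in classic libpcap format (linktype 1 = Ethernet)."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

def read_pcap(blob):
    """Yield the frames stored in a little-endian classic pcap byte string."""
    if blob[:4] != struct.pack("<I", 0xA1B2C3D4):
        raise ValueError("not a little-endian classic pcap file")
    off = 24
    while off + 16 <= len(blob):
        caplen = struct.unpack("<I", blob[off + 8:off + 12])[0]
        yield blob[off + 16:off + 16 + caplen]
        off += 16 + caplen

def summarize(blob, keep=None):
    """Per-protocol packet counts; keep="TCP" filters to one protocol."""
    return Counter(c for c in map(classify, read_pcap(blob)) if keep in (None, c[0]))
```

Writing the backup in libpcap format means the saved packets can be reopened in standard analysis tools such as Wireshark or tcpdump.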
System Requirements:
The system is developed based on the requirements of the system itself (to help manage an organization) and on technical requirements. There are different viewpoints on what information system automation is like; however, we can classify them into 3 main groups: the viewpoint of the system that will be developed, the information expert's viewpoint, and the user's viewpoint. These points of view often conflict with one another, yet we are required to build a successful system in which the system, information experts and end users share the same viewpoint. An information system is a system that collects information, manages it and creates information products for its users.
ANALYSIS & DESIGN
Analysis
Definition of System
• First, even though your work as a systems analyst will probably focus on one kind of system, an automated, computerized information system, it will generally be a part of a larger system. For example, you may be working on a payroll system, which is part of a larger "human resources" system, which is, in turn, part of an overall business organization (which is itself a system), which is, in turn, part of a larger economic system, and so on. Thus, to make your system successful, you must understand the other systems with which it will interact. Many of the computer systems that we build are replacements for, or new implementations of, non-computerized systems that are already in existence. Also, most computer systems interact with, or interface with, a variety of existing systems (some of which may be computerized and some of which may not). If our new computer system is to be successful, we must understand, in reasonable detail, how the current system behaves.
Java Basics:
The key that allows Java to solve both the security and the portability problems just described is that the output of a Java compiler is not executable code. Rather, it is bytecode. Bytecode is a highly optimized set of instructions designed to be executed by the Java run-time system, which is called the Java Virtual Machine (JVM). That is, in its standard form, the JVM is an interpreter for bytecode. This may come as a bit of a surprise. As you know, C++ is compiled to executable code. In fact, most modern languages are designed to be compiled, not interpreted—mostly because of performance concerns.