Capture, Analyze and Detect Malicious Activities in a University Network Traffic

Abstract

In this thesis, we delve into the patterns of university network traffic and present the issues from an empirical aspect. Distinctively, this research capitalizes on hand-classified Internet traffic. It is crucial to understand patterns of university traffic and usage behaviour of end users. We address the problem of identifying malicious activities and understanding Internet usage within the university campus. This thesis aims at discovering the hidden patterns based on the analysis done on the captured traffic. To tackle the problem, systematically traffic is captured, filtered, managed and then analyzed. This approach gives analysis based on some python scripts and some open source tools which gives flexibility for distribution and code modification.

Signature based IDS require previous database of the anomaly patterns so that it can detect the attacks based on that information. On the flip side, attacks develop gradually to circumvent detection from signature based IDS. Another solution is to depend on statistical network traffic analysis. We have opted for the latter solution. In this manner it is possible to timely recognize abnormal network behaviour. Monitoring the network traffic is of prime importance for network security as it provides information regarding security breaches and helps to understand their impacts. Network monitoring is helpful in gathering useful information for security managers, network managers, marketing personnel, planners and others.