
An Efficient Clustering Scheme to Exploit Hierarchical Data in Network Traffic Analysis
Abstract
► There is a significant need to improve existing techniques for
clustering multivariate network traffic flow records and
quickly inferring underlying traffic patterns.
► We investigate the use of clustering techniques to identify
interesting traffic patterns from network traffic data in an
efficient manner.
► A framework is developed to deal with mixed type
attributes including numerical, categorical, and hierarchical
attributes.
► We demonstrate the improved accuracy and efficiency of
our approach in clustering network traffic.
Existing System
Categorization-based network monitoring (Auto Focus) techniques
  ► Traffic matrix
  ► Traffic volume
  ► Traffic dynamics
  ► Traffic mixture
Disadvantages
► It does not have hierarchical classification
► DoS attackers cannot be found
► No notification of any violation
Proposed System
► Hierarchical, distance-based clustering scheme
(Echidna).
► To summarize the main types of traffic flows that
are observed in a network.
► Introduction of a new distance measure for
hierarchically structured attributes such as IP
addresses and a set of heuristics.
► Summarize and compress reports of significant
traffic clusters from a hierarchical clustering
algorithm.
Advantages
► It has system-based hierarchical
classification
► Efficient network traffic monitoring
► Inference of underlying patterns for multivariate
traffic flows
► It identifies DoS attacks
Requirement Analysis
► SOFTWARE REQUIREMENTS:
► Java 1.3 or later
► Java Swing (front end)
► SQL (back end)
► Windows 98 or later

► HARDWARE REQUIREMENTS:
► Hard disk: 40 GB
► RAM: 265 MB or more
► Processor: Pentium III processor or better
Modules

► Tree construction
► Traffic analysis
► System classification
► Network management
Modules Description
Tree construction
In this module we construct a tree-based topology of individual nodes.
The tree consists of a number of nodes in hierarchical order,
i.e. root node, parent nodes and child nodes. Messages are transmitted
over this topology. We cluster the tree topology
based on hierarchy level. Each node's IP address, port and cluster
level details are collected and maintained in the network monitoring system.

Traffic analysis
In this module we analyze the traffic and classify it according to its
attributes. An initial analysis of the overall network traffic is
performed, and the traffic attributes are classified into three types:
numerical data, categorical data and hierarchical data. Source IP and
destination IP are hierarchical attributes, byte details are numerical
attributes, and the protocol type and message type are categorical
attributes.
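The attribute typing described above can be turned into a single distance between two flow records. The following is an added example, not code from the project: the page does not give Echidna's distance formula, so the shared-prefix IP distance, the equal weighting, `MAX_BYTES`, the threshold and the single-pass leader clustering are all assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src_ip: str      # hierarchical attribute
    dst_ip: str      # hierarchical attribute
    nbytes: int      # numerical attribute
    protocol: str    # categorical attribute

MAX_BYTES = 10_000   # assumed normalisation range for the byte count

def ip_distance(a, b):
    """0.0 for identical IPv4 addresses, 1.0 when not even the first bit matches."""
    differing = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return differing.bit_length() / 32   # (32 - shared prefix length) / 32

def flow_distance(f, g):
    """Equal-weight average of the per-attribute distances, each in [0, 1]."""
    parts = [
        ip_distance(f.src_ip, g.src_ip),
        ip_distance(f.dst_ip, g.dst_ip),
        min(abs(f.nbytes - g.nbytes) / MAX_BYTES, 1.0),
        0.0 if f.protocol == g.protocol else 1.0,
    ]
    return sum(parts) / len(parts)

def cluster(flows, threshold=0.25):
    """Single pass: join the nearest cluster leader within threshold, else start a new cluster."""
    clusters = []   # each cluster is a list whose first element is its leader
    for flow in flows:
        best = min(clusters, key=lambda c: flow_distance(flow, c[0]), default=None)
        if best is not None and flow_distance(flow, best[0]) <= threshold:
            best.append(flow)
        else:
            clusters.append([flow])
    return clusters

# Constructed sample flows (documentation address ranges, not real traffic)
SAMPLE = [
    Flow("192.0.2.10", "198.51.100.5", 400, "TCP"),
    Flow("192.0.2.77", "198.51.100.5", 420, "TCP"),
    Flow("203.0.113.9", "198.51.100.5", 9000, "UDP"),
    Flow("192.0.2.11", "198.51.100.5", 380, "TCP"),
]

if __name__ == "__main__":
    for c in cluster(SAMPLE):
        print(len(c), "flows, leader:", c[0])
```

Flows from the same subnet with similar size and protocol land in one cluster, while the flow from a distant prefix with a different protocol and byte count starts its own.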
System classification
In this module we classify the systems in the network based on their
cluster hierarchy. This is done using hierarchical data. If traffic occurs
in the network, the monitoring system finds the attacker
system using this system classification. Source IP and port details
identify the attacker system within the network. Data classification
is done based on the system classification.
Network management
In this module we analyze the traffic flow in the network. The flow of
data and the usage level of each node are monitored. Nodes are
classified according to their usage and placed in the corresponding
table. The higher-usage and lower-usage systems are marked.
If traffic occurs in the network, the management system sends a
warning message to the attacker system and also discards the DoS
attacker's exceeding packets.
Architecture Diagram

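[Figure: tree topology with Root at the top, nodes N1 and N2 on the next level, and nodes N3, N4, N5 and N6 on the lowest level. Label: "Monitor the network using Echidna method".]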
Data Flow diagram:
[Figure: Send the packets → Cluster the tree network → Monitor the network → Hierarchical, categorical, numerical classification → Check the packets on the network to avoid the DoS attack → Receiver receives the data]
