A Software Deep Packet Inspection System for Network Traffic Analysis and Anomaly Detection

Wenguang Song; Mykola Beshley; Krzysztof Przystupa; Halyna Beshley; Orest Kochan; Andrii Pryslupskyi; Daniel Pieniak; Jun Su

doi:10.3390/s20061637

Sensors (Mar 2020)

A Software Deep Packet Inspection System for Network Traffic Analysis and Anomaly Detection

Wenguang Song,
Mykola Beshley,
Krzysztof Przystupa,
Halyna Beshley,
Orest Kochan,
Andrii Pryslupskyi,
Daniel Pieniak,
Jun Su

Affiliations

Wenguang Song: School of Computer Science, Yangtze University, Jingzhou 434023, China
Mykola Beshley: Department of telecommunications, Lviv Polytechnic National University, Bandery 12, 79013 Lviv, Ukraine
Krzysztof Przystupa: Department of Automation, Lublin University of Technology, Nadbystrzycka 36, 20-618 Lublin, Poland
Halyna Beshley: Department of telecommunications, Lviv Polytechnic National University, Bandery 12, 79013 Lviv, Ukraine
Orest Kochan: Department of telecommunications, Lviv Polytechnic National University, Bandery 12, 79013 Lviv, Ukraine
Andrii Pryslupskyi: Department of telecommunications, Lviv Polytechnic National University, Bandery 12, 79013 Lviv, Ukraine
Daniel Pieniak: Department of Mechanics and Machine Building, University of Economics and Innovations in Lublin, Projektowa 4, 20-209 Lublin, Poland
Jun Su: School of Computer Science, Hubei University of Technology, Wuhan 430068, China

DOI: https://doi.org/10.3390/s20061637
Journal volume & issue: Vol. 20, no. 6
p. 1637

Abstract

Read online

In this paper, to solve the problem of detecting network anomalies, a method of forming a set of informative features formalizing the normal and anomalous behavior of the system on the basis of evaluating the Hurst (H) parameter of the network traffic has been proposed. Criteria to detect and prevent various types of network anomalies using the Three Sigma Rule and Hurst parameter have been defined. A rescaled range (RS) method to evaluate the Hurst parameter has been chosen. The practical value of the proposed method is conditioned by a set of the following factors: low time spent on calculations, short time required for monitoring, the possibility of self-training, as well as the possibility of observing a wide range of traffic types. For new DPI (Deep Packet Inspection) system implementation, algorithms for analyzing and captured traffic with protocol detection and determining statistical load parameters have been developed. In addition, algorithms that are responsible for flow regulation to ensure the QoS (Quality of Services) based on the conducted static analysis of flows and the proposed method of detection of anomalies using the parameter Hurst have been developed. We compared the proposed software DPI system with the existing SolarWinds Deep Packet Inspection for the possibility of network traffic anomaly detection and prevention. The created software components of the proposed DPI system increase the efficiency of using standard intrusion detection and prevention systems by identifying and taking into account new non-standard factors and dependencies. The use of the developed system in the IoT communication infrastructure will increase the level of information security and significantly reduce the risks of its loss.

Published in Sensors

ISSN: 1424-8220 (Online)
Publisher: MDPI AG
Country of publisher: Switzerland
LCC subjects: Technology: Chemical technology
Website: http://www.mdpi.com/journal/sensors

About the journal

Abstract

Keywords