Skip to content

shikhar-srivastava/Network-Traffic-Classification

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
attack_simulator
attack_simulator
 
 
libssh
libssh
 
 
network_simulators
network_simulators
 
 
.DS_Store
.DS_Store
 
 
README.md
README.md
 
 
p2p_c
p2p_c
 
 
ssh_c
ssh_c
 
 
ssh_s
ssh_s
 
 
ssh_server.cpp
ssh_server.cpp
 
 

Repository files navigation

Network-Traffic-Classification

Shikhar S, Jawahar Reddy

Summary:

Simulates a diverse network traffic (implements SSH, P2P, TCP protocols with various features like Multi-threading, Session Tracking, multi-user/client file sharing, multimedia transfer, etc) with DoS/IP-spoofing attacks. (See folders network-simulation, attack-simulation). Uses traffic packet-flow features to analyze network traffic (classify, detect anomalies/attacks, cluster/visualize)

Contributions

Simulates a real-time consumer-grade network traffic scenario by implementing a multitude of application & network level protocols in C/C++, as well network security attacks (like DoS attacks). The following protocols were implemented purely in C/C++:

  • SSH (Secure Socket Shell) Traffic
    • Implemented Session tracking, RSA Key verification & Passkey-Auth
    • SSH Server uses multi-threading to handle simulatenous client requests
  • P2P (Peer-to-Peer) for File Transfer
    • Files are segmented and shared amongst multiple users by dynamically switching between server/client functions.
    • Implemented broadcasting to send files to multiple users, multithreading to receive files segments from multiple peers
  • Denial-of-Service (DoS) Attack, IP Spoofing
    • Implemented IP Spoofing with psuedo packet-headers
    • Extendable to Distributed DoS (DDos) attack with basic multithreading
  • TCP Multimedia File transfer

Classifying network traffic accurately, efficiently in real-time, using features obtained only through the initial packet-flow, and without identifying the protocol-ports to generalize to dynamic & unpredictable traffic.

  • Packet-flow features were generated retroactively on packets collected from hours of network simulation
  • Visualizations of clusters using Dimensionality Reduction & Manifold Learning
  • K-Means Clustering for Anomaly Detection and Random Forest model for traffic classification to safe[TCP,SSH,UDP,others], unsafe [network attacks (Dos), anomolous users] classes.

Usage

Refer to folders network-simulation, attack-simulation) for files to generate packets from respective network-level/application-level protocols. You can use a packet capture application (see wireshark) to view the generated traffic.

About

Network traffic Simulation & Classification system

Topics

ssh p2p network-analysis dos-attack network-traffic-classification

Resources

Readme
Activity

Stars

6 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages