AN ANALYSIS ON BANDWIDTH UTILIZATION AND TRAFFIC PATTERN FOR NETWORK SECURITY MANAGEMENT

Khushbookumari (1), Navotna (2)
(1) Student of information technology, UPTU
(2) Student of information technology, UPTU
Khushbookumari845@gmail.com, 2navotna845@gmail.com

ABSTRACT

This paper presents an analysis of network bandwidth utilization and traffic patterns in an organization. It presents the pattern of network traffic, bandwidth utilization and network trend properties. Internet traffic is analyzed and the traffic pattern behavior is identified. A Network Protocol Analyzer is used as a central agent and has been set up and plugged in at the main entrance of internet traffic flow from the outside world into the inside network of the organization. Valuable information such as traffic patterns on category trends, protocol trends, internet traffic and bandwidth used is captured. Then all traffic flowing from the internet to the inside network is filtered according to the identified policies. Filtered and unfiltered traffic are then compared and analyzed in terms of bandwidth throughput, category trends, protocol trends, risk class trends and type of internet applications used. This research has successfully gathered and analyzed the traffic flows, and identified the network trends and bandwidth utilization. Bandwidth shaping has also been successfully done in prioritizing the applications used.

Keywords: Bandwidth Utilization, Traffic Pattern, Security, Network Agent, Network Management, Bandwidth Performance.

1. INTRODUCTION

Network performance is one of the important issues today in computer engineering applications and systems, mainly in Network Management. Network performance analysis efforts help computer network engineers to offer better services and excellent supervision in Network Management administration. The scope of this project involves running a Fluke tool as an agent scanning the network traffic that sits on a network.
The process of identifying and defining traps on network attacks is delivered through the implemented policy. This policy is applied to the tool or agent to capture the network traffic, by bandwidth and protocol, that puts the network at risk, for security purposes. The paper presents the pattern of network traffic used and bandwidth utilization performance based on the filtered trends. Statistics of all identified captured risks and policies are tabulated. The captured data are then analyzed for bandwidth utilization. This paper would help the network administrator or manager to improve network performance and overcome the issue of network bandwidth usage, as port scanning and peer-to-peer applications are mostly used. This research has successfully gathered and analyzed the traffic flows, and identified the network trends and bandwidth utilization. Bandwidth shaping has also been successfully done in prioritizing the applications used.

NETWORK TRAFFIC PATTERN AND INTRUSION SCENARIO

Managing network traffic and its performance has become a critical problem in network management in today's world. Therefore much progress is being made to protect the internet and intranets, such as firewalls and intrusion detection systems acting on network traffic that can cause worms in the network. Unfortunately the capacity of these solutions is very limited, in that evidence that network attacks occurred cannot be provided. Much effort has been spent on designing more effective traffic mechanisms, building better defense measures, and generating vulnerability-specific remedies. For this reason, research on analyzing the network pattern is carried out to deliver better network performance and management.

A network that has been prepared for forensic analysis is easy to monitor, and security vulnerabilities and configuration problems can be conveniently identified. It also allows the best possible analysis of security violations.
Considering the network implementation policy and where the interest in analyzing the traffic lies is important. A focus on monitoring the externally accessible servers on the external demilitarized zone (DMZ) in the network is crucial.

There are primary evidence and secondary evidence. Primary evidence refers to information that directly indicates attacks or security policy violations. Secondary evidence refers to information that does not directly represent attacks but could provide complementary information for investigation. Secondary evidence comes from extensive sources and in a much higher volume. Generally, primary evidence is the starting point of a forensic investigation and provides the basis for searches towards secondary evidence. Querying the secondary evidence usually has two objectives: to discover hidden suspicious events and to evaluate the trustworthiness of primary evidence. In their current prototype, they have used network Intrusion Detection System (IDS) alerts as the primary evidence. They also captured raw network flow logs and host logs that are used as secondary evidence. The network analysis framework presented is based on distributed techniques, providing an integrated platform for automatic collection of analysis evidence and efficient data storage.

DATA COLLECTION AND METHOD

This research presents a method similar to network forensics in a forensic system architecture, but the agent is placed at the one core centre from the internet to the inside network. More data on bandwidth are presented because this forensic work tries to detail that one of the worm attacks is on the bandwidth used on the network, such as Denial of Service (DoS) attacks.

There are two types of filtering policy applied to the captured traffic. The first is default filtering, where the network analyzer is set up with the Global policy applied to collect the raw data passing from the internet to the inside network. The second one is called Customized Filtering.
Customized policies are defined at different levels of access of the internet users.

RESULT AND CONCLUSION

The comparison of protocol use on bandwidth usage has been analyzed on the findings gathered over 10 days between filtered and unfiltered data. It shows the bandwidth differences and increment between the filtered and unfiltered tasks. After filtering was done on prioritized protocols, bandwidth was filtered based on the identified protocols.

The data on risk class in the filtered and unfiltered implementations have been compared. The risk class factors are productivity loss, business usage, network bandwidth loss, security risk and legal liability. Network bandwidth loss uses the most bandwidth with 89% and productivity loss uses the second most bandwidth with 83%. Security risk has also presented a high bandwidth loss. This shows that the network is being attacked through bandwidth usage.

Fig: Filtered at the core center from internet to the inside network

CAPTURED TRAFFIC AND ANALYSIS DATA

All captured raw and filtered data are presented and analyzed in this section. Category trend is the bandwidth utilization of internet traffic collected by category. Data on bandwidth utilization of internet traffic by category were captured over 20 days. Protocol trend is the collection of bandwidth utilization on internet traffic filtered by protocol. Certain protocols that are filtered are known to be used for non-productive or malicious work while users are surfing the internet.

Fig 2: Bandwidth difference between protocols
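The filtered-versus-unfiltered comparison by protocol and category described above can be sketched as follows. This is an added example, not the authors' code or data: the flow record layout, the access level names and the per-level deny lists are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample flow records (not data from the paper):
# (user access level, protocol, category, bytes transferred)
FLOWS = [
    ("staff",   "HTTP",       "business",     400_000),
    ("staff",   "BitTorrent", "peer-to-peer", 900_000),
    ("student", "HTTP",       "business",     250_000),
    ("student", "BitTorrent", "peer-to-peer", 1_200_000),
    ("student", "RTSP",       "streaming",    600_000),
    ("admin",   "SSH",        "business",     50_000),
    ("admin",   "RTSP",       "streaming",    100_000),
]

# Hypothetical customized policy: protocols denied per access level.
POLICY = {
    "staff":   {"BitTorrent"},
    "student": {"BitTorrent", "RTSP"},
    "admin":   set(),
}

def apply_policy(flows, policy):
    """Return the flows the per-level policy lets through."""
    # Flows from an access level the policy does not know are dropped.
    return [f for f in flows if f[0] in policy and f[1] not in policy[f[0]]]

def bytes_by(flows, field):
    """Sum bytes per protocol (field=1) or per category (field=2)."""
    totals = defaultdict(int)
    for flow in flows:
        totals[flow[field]] += flow[3]
    return dict(totals)

def compare(flows, policy, field=1):
    """Per key: (unfiltered bytes, filtered bytes, percent filtered out)."""
    raw = bytes_by(flows, field)
    kept = bytes_by(apply_policy(flows, policy), field)
    report = {}
    for key, before in raw.items():
        after = kept.get(key, 0)
        pct = round(100 * (before - after) / before, 1) if before else 0.0
        report[key] = (before, after, pct)
    return report

if __name__ == "__main__":
    for proto, (before, after, pct) in sorted(compare(FLOWS, POLICY).items()):
        print(f"{proto:<11} {before:>9} -> {after:>9} bytes ({pct}% filtered)")
```

Calling `compare(FLOWS, POLICY, field=2)` gives the same comparison grouped by category instead of protocol.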