Аналіз структури мережевого трафіку та мережевих аномалій на прикладі сегмента локальної мережі кампусу Національного університету “Львівська політехніка”

Abstract

Новітні мережі підтримують тенденцію щодо підвищення інтеграції різних типів мережевої інфраструктури і технологій, формуючи так звану концепцію “Інтернету речей”. Це вимагає створення нових підходів до забезпечення безпеки і цілісності мереж, боротьби з мережевими аномаліями. Використання методів “точкового аналізу” трафіку і формування базових принципів, необхідних для створення так званих “розумних мереж”, допомагає наблизитися до відповіді на ці виклики. The main objectives of this article are to analyze and propose new solution to increase network efficiency and security. New approaches to the network designs are emerging with changing of network services and network availability requirements. To create network environment that can fully support ability to freely interconnect between various devices and inside different network types (BYOD (Bring Your Own Device), Internet of Things, etc.), the new mechanism of traffic analysis and control must be developed. When discussing basic principles of this new approach, we need to take in consideration all the major challenges that this “freely interconnected” concepts are facing. The main problem will be network security and integrity. Also significantly will increase percentage of “parasite” network traffic and network anomalies occurrence. But with high traffic rates transmitted over network segments and mobility of network users that are using wireless network infrastructure, current approaches Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and other network and security monitoring approaches just not flexible enough and inefficient. The future of network security and traffic control solutions lies within “smart network” concept. New types of “smart networks” need to have an ability to react autonomously on any “threat” or anomaly in network flow. This requires an algorithm that can in real time make a correct suggestion regarding current network problems. Basically the whole process will include three stages: monitoring (finding and locating certain network problem and defining its “pattern”), classification (using “pattern” that was established on previous stage classification algorithm can now find suggested source of the problem and mechanism of solving it), resolving problem (finally we can apply solution that algorithm choose to solve the problem). All this stages must be combined in one procedure that is executed by autonomous controlling unit. For decreasing an amount of false positives and information that needs to be proceeded, this control mechanism need to include problem detection solution that will use “critical point” method of information gathering (only collect traces and traffic patterns of certain minimum that needed to identify problem), and machine learning (to dynamically improve quality of selected solutions).