DCN El

Uploaded by

pranavjavio

Data Communication and Networking (21ET63)

Experiential Learning Presentation


On
“Network Packet Sniffing in Modern
Cybersecurity Practices”

Faculty Coordinator
Dr. Usha Padma
Kunal Jain 1RV21ET023
Pranav Jha 1RV21ET037
Saumya Singh 1RV21ET047
Sukrutha N 1RV21ET051
CONTENTS

• Introduction
• Problem Statement
• Dataset Preprocessing
• Model Architecture
• Model Training & Evaluation
• System Architecture
• Deployment Strategy
• Demonstration
• Result and Performance
• Future Work
• Conclusion
• References
Introduction

The primary aim of the system is to monitor and detect suspicious network activities. This includes:

● Unauthorized Device Communication: Identifying unapproved devices interacting within the network.
● Data Exfiltration: Preventing unauthorized data transfers and protecting sensitive information.

Technologies Used

● Programming Language: Python
● Web Framework: Flask
● Cloud Platform: Azure
● Machine Learning: Random Forest for classification
● Data Techniques:
○ SMOTE: Synthetic Minority Over-sampling Technique to address class imbalance in the dataset
○ Label Encoding: Converting categorical data into a format suitable for machine learning models
Problem Statement
Current Challenges

● Difficulty in Detecting and Preventing Network Attacks:
○ Traditional methods often fall short in identifying sophisticated or low-profile attacks.
● Need for Real-Time Monitoring and Anomaly Detection:
○ There is a critical requirement for systems that can continuously monitor network traffic and detect anomalies as they occur.

Objectives

● Develop an Intelligent Detection System:
○ Create a system capable of automatically identifying and alerting on suspicious activities with high accuracy.
● Deploy Across Platforms:
○ Implement the system on both web and mobile platforms to ensure accessibility and responsiveness.
○ Utilize cloud services to support scalable and reliable deployment.
Dataset & Preprocessing
Dataset Source

● Source: Synthetic network traffic data (Note: Include source details if publicly available or indicate if the data is custom-generated).

Features

● Key Features Include:
○ Source MAC Address
○ Destination MAC Address
○ Source IP Address
○ Destination IP Address
○ Protocol
○ Flags
○ Additional network-related attributes
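The feature fields listed above, extracted from a raw Ethernet/IPv4/TCP frame. This is an added example in plain Python (struct, socket), not the project's sniffer code; the frame is constructed by build_frame, and the approved-MAC allowlist check illustrates the unauthorized-device case from the introduction (the allowlist itself is an assumed, operator-maintained set).

```python
import socket
import struct

TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]   # bit 0 .. bit 5
PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, tcp_flags):
    """Assemble a minimal Ethernet/IPv4/TCP frame as constructed test input
    (checksums are left at zero; the parser below does not verify them)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    eth = mac(dst_mac) + mac(src_mac) + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, tcp_flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp

def parse_frame(frame):
    """Extract the feature fields listed above from one raw frame.
    Returns None for frames it does not handle (non-IPv4 or truncated),
    so a capture loop can skip them instead of crashing on bad input."""
    if len(frame) < 34:
        return None
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        return None
    ihl = (frame[14] & 0x0F) * 4           # IPv4 header length in bytes
    proto = frame[23]
    features = {
        "src_mac": ":".join(f"{b:02x}" for b in src),
        "dst_mac": ":".join(f"{b:02x}" for b in dst),
        "src_ip": socket.inet_ntoa(frame[26:30]),
        "dst_ip": socket.inet_ntoa(frame[30:34]),
        "protocol": PROTOCOL_NAMES.get(proto, str(proto)),
        "flags": [],
    }
    l4 = frame[14 + ihl:]
    if proto == 6 and len(l4) >= 14:       # TCP: flags byte sits at offset 13
        features["flags"] = [n for i, n in enumerate(TCP_FLAG_NAMES)
                             if l4[13] & (1 << i)]
    return features

def is_unapproved_device(features, approved_macs):
    """Unauthorized-device check: True when the sender's MAC is not on the
    allowlist (approved_macs is an assumed, operator-maintained set)."""
    return features["src_mac"] not in approved_macs
```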

Preprocessing Steps

● Label Encoding:
○ Convert categorical variables into a numerical format to be used in machine learning models.
● Handling Class Imbalance:
○ Apply SMOTE (Synthetic Minority Over-sampling Technique) to generate synthetic samples and balance the dataset for improved model performance.
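Label encoding followed by SMOTE-style oversampling, written as an added plain-Python example rather than the project's scikit-learn/imbalanced-learn pipeline. The packet records are constructed; the comment inside smote flags a caveat that the preprocessing order above raises when categorical codes are interpolated.

```python
import random

# Constructed packet records (not the project's dataset); the categorical
# fields mirror the features listed above, "length" stands in for a numeric one.
RECORDS = [
    {"src_mac": "aa:bb:cc:00:00:01", "protocol": "TCP",  "length": 60,   "label": "normal"},
    {"src_mac": "aa:bb:cc:00:00:02", "protocol": "UDP",  "length": 120,  "label": "normal"},
    {"src_mac": "aa:bb:cc:00:00:03", "protocol": "ICMP", "length": 84,   "label": "normal"},
    {"src_mac": "aa:bb:cc:00:00:02", "protocol": "TCP",  "length": 40,   "label": "normal"},
    {"src_mac": "aa:bb:cc:00:00:09", "protocol": "TCP",  "length": 1400, "label": "anomaly"},
    {"src_mac": "aa:bb:cc:00:00:09", "protocol": "UDP",  "length": 1300, "label": "anomaly"},
]

def label_encode(values):
    """Map each distinct string to an integer code. Codes follow sorted
    order, as sklearn's LabelEncoder does, so they are reproducible."""
    mapping = {v: i for i, v in enumerate(sorted(set(values)))}
    return [mapping[v] for v in values], mapping

def encode_records(records, categorical=("src_mac", "protocol"), numeric=("length",)):
    """Build a numeric feature matrix X (one row per record) and labels y."""
    columns = [label_encode([r[c] for r in records])[0] for c in categorical]
    columns += [[r[c] for r in records] for c in numeric]
    X = [list(row) for row in zip(*columns)]
    return X, [r["label"] for r in records]

def smote(X, y, minority="anomaly", k=1, seed=0):
    """Oversample the minority class to the majority count by interpolating
    between a minority sample and one of its k nearest minority neighbours."""
    rng = random.Random(seed)
    minority_rows = [x for x, lab in zip(X, y) if lab == minority]
    needed = (len(y) - len(minority_rows)) - len(minority_rows)
    if needed <= 0 or len(minority_rows) < 2:
        return list(X), list(y)
    synthetic = []
    for _ in range(needed):
        base = rng.choice(minority_rows)
        others = sorted((r for r in minority_rows if r is not base),
                        key=lambda r: sum((a - b) ** 2 for a, b in zip(base, r)))
        neighbour = rng.choice(others[:k])
        lam = rng.random()
        # Caveat: interpolated label codes (columns 0 and 1 here) such as 1.4
        # name no real MAC address or protocol, so SMOTE belongs on genuinely
        # numeric columns or on one-hot features, not on raw label codes.
        synthetic.append([a + lam * (b - a) for a, b in zip(base, neighbour)])
    return X + synthetic, y + [minority] * needed

def class_counts(y):
    return {lab: y.count(lab) for lab in sorted(set(y))}
```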
Model Architecture

Machine Learning Model

● Model Used: Random Forest Classifier
○ Reason for Choice:
■ Robustness: Handles large datasets effectively.
■ Accuracy: Provides reliable predictions even with high-dimensional data.

Hyperparameter Tuning

● Method: GridSearchCV
○ Purpose: Systematic search for the best hyperparameters to optimize model performance.
● Key Parameters Tuned:
○ n_estimators: Number of trees in the forest.
○ max_depth: Maximum depth of each tree.
○ min_samples_split: Minimum number of samples required to split an internal node.
○ min_samples_leaf: Minimum number of samples required to be at a leaf node.
Model Training & Evaluation
Training Process

● Dataset Split:
○ Divided into training and testing sets using a 70-30 split.
● Cross-Validation:
○ Performed with GridSearchCV to determine the optimal hyperparameters.

Evaluation Metrics

● Key Metrics:
○ Accuracy: Overall correctness of the model.
○ Precision: The ratio of true positive predictions to the total predicted positives.
○ Recall: The ratio of true positive predictions to the total actual positives.
○ F1-Score: The harmonic mean of precision and recall, providing a balanced measure.
● Example Performance Results:
○ Accuracy: 51% (due to synthetic data generation)
○ Recall for Anomaly Class: High, indicating effective detection of anomalies.
System Architecture
Components

● Data Capture:
○ Tool: Network traffic is captured using a sniffer tool.
● Data Preprocessing:
○ Tools: Data is cleaned and prepared using Pandas, with label encoding and SMOTE applied for handling categorical data and class imbalance.
● Machine Learning Model:
○ Model: Random Forest Classifier trained on the preprocessed data.
● Web Interface:
○ Framework: Flask application providing real-time monitoring and alerts.
● Mobile Interface:
○ Platform: Android app that interacts with the Flask application via REST APIs.
● Cloud Services:
○ Platform: Hosted on Azure to ensure scalability and accessibility.

Diagram

● Visual Representation:
○ Illustrate the flow of data through the system, from capture to preprocessing, model training, and final alert generation.
[Figures: Packet Capturing; Network Analysis]
Deployment Strategy
Web Interface

● Framework: Built using Flask.
● Deployment: Hosted on Azure App Services.
● Features:
○ Dashboard: Displays real-time network traffic.
○ Alerts: Shows notifications for detected suspicious activities.

Mobile Interface

● Platform: Android app.
● Communication: Interacts with the Flask API hosted on Azure.
● Features:
○ Alerts: Provides notifications and updates on network security status.

Azure Services

● Azure App Services:
○ Hosts the Flask application for both web and API functionalities.
● Azure Database:
○ Used for data storage and management.
● Azure Functions:
○ Scales model inference as needed to handle varying loads and ensure performance.
Demonstration

Screenshots of Web Interface

● Alerts Page:
○ Displays detected suspicious activities and alerts.

Screenshots of Mobile App

● Alert Notifications:
○ Examples of push notifications for detected anomalies.
● Status and History:
○ View of network activity status and historical data.
[Demonstration screenshot slides]
Results & Performance

Model Performance

● Confusion Matrix:
○ Provides a detailed breakdown of classification results, including true positives, true negatives, false positives, and false negatives.
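The four metrics defined under Model Training & Evaluation, computed from the confusion matrix described here, as an added example that is not the project's code. The labels are constructed (100 flows, 10 anomalies) and chosen so that the detector reproduces the reported 51% accuracy with high anomaly recall; the always-normal baseline shows why accuracy alone is misleading on imbalanced traffic.

```python
from collections import Counter

# Constructed ground truth: 100 flows, 10 of them anomalies.
Y_TRUE = ["anomaly"] * 10 + ["normal"] * 90
# Constructed detector output: catches 9 of 10 anomalies but also flags
# 48 of the 90 normal flows (values chosen to give 51% accuracy).
Y_DETECTOR = ["anomaly"] * 9 + ["normal"] + ["anomaly"] * 48 + ["normal"] * 42
# Baseline that never raises an alert.
Y_ALWAYS_NORMAL = ["normal"] * 100

def confusion_matrix(y_true, y_pred, positive="anomaly"):
    """Count TP/FP/FN/TN with the anomaly class as the positive class."""
    c = Counter()
    for truth, pred in zip(y_true, y_pred):
        if pred == positive:
            c["tp" if truth == positive else "fp"] += 1
        else:
            c["fn" if truth == positive else "tn"] += 1
    return {k: c[k] for k in ("tp", "fp", "fn", "tn")}

def metrics(cm):
    """Accuracy, precision, recall and F1 from the confusion-matrix counts;
    undefined ratios (no predicted or no actual positives) are reported as 0."""
    tp, fp, fn, tn = cm["tp"], cm["fp"], cm["fn"], cm["tn"]
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"accuracy": (tp + tn) / (tp + fp + fn + tn),
            "precision": precision, "recall": recall, "f1": f1}

def evaluate(y_true, y_pred):
    cm = confusion_matrix(y_true, y_pred)
    return cm, metrics(cm)

if __name__ == "__main__":
    for name, pred in (("detector", Y_DETECTOR), ("always-normal", Y_ALWAYS_NORMAL)):
        cm, m = evaluate(Y_TRUE, pred)
        print(name, cm, {k: round(v, 3) for k, v in m.items()})
```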

Scalability

● System Capacity:
○ Azure Deployment: The system is designed to scale efficiently to handle increased traffic and workload demands.
○ Scalability Features: Utilizes Azure’s infrastructure to ensure high availability and performance under varying conditions.
Future Work

Enhancements

● Advanced Machine Learning Models:
○ Explore and integrate more sophisticated models, such as deep learning techniques, to improve detection capabilities.
● Protocol and Traffic Expansion:
○ Expand the system to support a wider range of network protocols and traffic types for more comprehensive monitoring.
● Sophisticated Alert Mechanisms:
○ Implement advanced alert systems, including integration with Security Information and Event Management (SIEM) tools, for better incident response.

Scalability

● Enterprise-Level Traffic:
○ Further leverage cloud infrastructure to enhance the system’s ability to handle high-volume, enterprise-scale traffic efficiently.
Conclusion

Summary of Achievements

● System Development:
○ Successfully built and deployed a network monitoring system utilizing machine learning techniques.
● Technology Utilization:
○ Effective use of Flask for web interfaces and Azure for scalable cloud deployment, enabling real-time monitoring and alerting.

Impact

● Enhanced Network Security:
○ Improved overall network security through proactive threat detection and monitoring.
● Improved Response Capabilities:
○ Enhanced ability to respond to and manage suspicious activities effectively.
References

R. Shaw and S. Parveen, "Literature Review on Packet Sniffing: Essential for Cybersecurity & Network Security," 2024
5th International Conference on Intelligent Communication Technologies and Virtual Mobile Networks (ICICV),
Tirunelveli, India, 2024, pp. 715-719, doi: 10.1109/ICICV62344.2024.00119.

B. Praneeth, V. S. Sambanni, S. G and S. M, "Remote Packet Monitoring: Real-Time Network Analysis from Anywhere,"
2024 2nd International Conference on Intelligent Data Communication Technologies and Internet of Things (IDCIoT),
Bengaluru, India, 2024, pp. 699-703, doi: 10.1109/IDCIoT59759.2024.10467887.

T. N. Guo, "Exploring Physical-Layer Anti-Privacy-Theft Capacity in Wireless Networks," ICC 2024 - IEEE International
Conference on Communications, Denver, CO, USA, 2024, pp. 103-108, doi: 10.1109/ICC51166.2024.10622868.

P. K and V. Ramaiyan, "Model-Based Analysis of IEEE 802.11 Link Performance Using Wireless Packet Capture," 2024
International Conference on Signal Processing and Communications (SPCOM), Bangalore, India, 2024, pp. 1-5, doi:
10.1109/SPCOM60851.2024.10631621.

M. Seufert et al., "Marina: Realizing ML-Driven Real-Time Network Traffic Monitoring at Terabit Scale," in IEEE
Transactions on Network and Service Management, vol. 21, no. 3, pp. 2773-2790, June 2024, doi:
10.1109/TNSM.2024.3382393.
