Traffic analysis
Traffic analysis, also known as network traffic analysis, is a critical process used by network administrators to monitor and evaluate data flow across interconnected computer networks. This analysis helps identify any anomalies, such as unexpected spikes in data usage or unauthorized connections, which could indicate security threats like malware or unauthorized access. Computer networks vary widely in type and size, serving diverse functions from personal use to organizational operations and scientific research. They can be classified into Local Area Networks (LANs), Wireless Local Area Networks (WLANs), and larger structures like Metropolitan Area Networks (MANs) and the Internet, the most extensive global network.
While firewalls and intrusion detection systems are fundamental for network security, traffic analysis provides an additional layer of defense by examining the communications between devices. Administrators often establish a baseline of normal network activity to detect deviations, though some modern tools can analyze traffic without prior history by comparing it to similar networks. Beyond security, traffic analysis also aids in network optimization, allowing administrators to identify high bandwidth users or peak usage times to enhance performance. As cyber threats evolve to mimic legitimate activity, continuous advancements in traffic analysis techniques remain essential for effective network management.
Network traffic analysis is the practice of capturing and examining the flow of data across a computer network, and the term is also used for the software network administrators rely on to do it. A computer network is a set of interconnected computers, each able to communicate with the others on the network. Computer networks come in a variety of types and sizes, suited to different purposes.
Many attackers attempt to gain access to computer networks, using tools such as malware to gain illicit access to computers on a network. Control of one computer makes it easier to reach the other computers on the same network, a pattern known as lateral movement. For this reason, network administrators use network traffic analysis software to study the flow of data across the network and investigate any abnormalities that occur. Abnormalities include unusual spikes in data usage and connections from new or unmanaged devices.
Other network administrators use traffic analysis to optimize their network. They can use the software to study the times at which the network is most used and how well the network holds up to unusually heavy usage. Administrators can then tune the network to better meet its users’ demands.
Background
A computer network is a series of computing devices that are connected to one another, allowing them to send data to other computers on the network. Though the earliest computer networks can be traced back to the 1960s, they bear little resemblance to modern networks. Networks are necessary for many tasks commonly conducted by the average computer user. These include sharing files with one another, accessing information remotely, communicating with text or video, printing, and scanning. However, they are also necessary for the function of modern businesses and are commonly utilized in scientific research.
Local Area Networks (LAN) connect computers within a small area. Smaller LANs may connect the devices within a personal office, while larger LANs might connect the devices within a school. Wireless Local Area Networks (WLAN) function similarly to LANs but connect devices by radio, usually Wi-Fi. (Bluetooth links reach only a few meters and are normally classed as personal area networks rather than WLANs.) Campus networks are similar to LANs but tend to cover devices across multiple nearby buildings. They are common in colleges, corporations, and government agencies. Metropolitan Area Networks (MAN) span a city or metropolitan region and are made up of numerous smaller LANs, all interconnected. Global networks are many interconnected networks that collectively span much of the planet. The best-known global network in operation is the Internet, which is itself a network of networks.
Most networks can be divided into two categories: client/server networks and peer-to-peer networks. Client/server networks utilize a set of centralized servers that can be accessed by the devices in the network. The servers provide most of the network's shared storage and services, and the clients depend on them: if a central server fails, the service it provides is lost. Peer-to-peer networks connect each device directly to other devices on the network. If a single device is removed from a large peer-to-peer network, most of the network continues to function. Client/server networks are commonly utilized by large businesses, while peer-to-peer networks are more commonly found in homes.
Though computer networks are useful, their widespread use does come with risk. If an attacker gains access to a computer network, it is possible for the attacker to reach many of the devices on the network. Additionally, many types of malware are programmed to spread throughout a computer network, making them more difficult to remove. A single device, not connected to any other devices, is at substantially lower risk of malware infection than devices connected to networks.
Overview
Traffic analysis, also called network traffic analysis, is the process of capturing and analyzing the communications between devices on a network, whether as full packet captures or as summarized flow records. Abnormalities in the volume or type of communication between devices on a network can lead network administrators to discover the presence of malware. In most cases, network traffic analysis is not the primary means of defense for a network. Most networks utilize firewalls, intrusion detection systems, and intrusion prevention systems to help stop unauthorized users from accessing the network. However, these controls inspect traffic at a boundary and enforce rules they already know; they can miss an attacker who is already inside and moving between internal hosts, or whose traffic uses ports and protocols the rules allow.
Early iterations of network traffic analysis first had to develop a baseline for how a network normally operates. For example, they would observe the network for long enough to establish when traffic is normally high, when it is normally low, and the types of connections that normally occur. The software would then compare new activity against the network's history and alert network administrators when something abnormal occurred. For example, it might appear abnormal if a network traditionally confined to an office building was suddenly exchanging traffic with devices outside the building. The software could then alert a network administrator, who could investigate the potential compromise. One caveat follows directly from this design: a baseline learned while an intrusion is already under way will record the intruder's traffic as normal, so the learning period must come from a network believed to be clean. Some more modern network traffic analysis software does not require the history of a network to begin analysis, instead comparing the network's activity to examples of similar networks that already exist.
Most modern threats to computer networks are designed to appear as legitimate as possible. For this reason, continued advances in network traffic analysis have been necessary to defend networks against attackers. Some recent advancements include tracking specific network entities (individual hosts, users, and services, so that behavior is judged against that entity's own history rather than the network as a whole) and encrypted traffic analysis, which works from what remains observable without decryption, such as connection timing, packet sizes, and handshake metadata.
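The baseline-then-compare approach described above, as an added example that is not code from the article or from any product it names. It learns a per-host baseline of bytes sent per time window from constructed NetFlow-style records, then scores a new window against it for volume spikes, never-seen devices, and never-seen external peers. The record layout, the choice of 10.0.0.0/8 as the "internal" range, and the thresholds are assumptions made for the example.

```python
"""Baseline-then-compare traffic analysis over NetFlow-style records.

Added example, not code from the article or any vendor: a per-host baseline
of bytes sent per time window is learned from constructed history, then a
new window is scored against it. Record layout, thresholds and the 10.0.0.0/8
"internal" range are assumptions made for the example.
"""
from collections import defaultdict
from statistics import mean, pstdev
import ipaddress

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed site address space

# Constructed history: (window, src_ip, dst_ip, bytes_sent). Five hourly windows.
BASELINE_FLOWS = [
    (0, "10.0.0.5", "10.0.0.1", 1000), (0, "10.0.0.6", "10.0.0.1", 500),
    (1, "10.0.0.5", "10.0.0.1", 700), (1, "10.0.0.5", "198.51.100.10", 500),
    (1, "10.0.0.6", "10.0.0.1", 500),
    (2, "10.0.0.5", "10.0.0.1", 800), (2, "10.0.0.6", "10.0.0.1", 500),
    (3, "10.0.0.5", "198.51.100.10", 1100), (3, "10.0.0.6", "10.0.0.1", 500),
    (4, "10.0.0.5", "10.0.0.1", 900), (4, "10.0.0.6", "10.0.0.1", 500),
]
# Constructed observation window: one host sends nine times its usual volume
# to a never-seen external address, and an unknown device appears on the LAN.
NEW_FLOWS = [
    (5, "10.0.0.5", "203.0.113.7", 9000),
    (5, "10.0.0.6", "10.0.0.1", 520),
    (5, "10.0.0.9", "10.0.0.1", 300),
]


def bytes_per_host_window(flows):
    """Sum bytes sent by each source address, per window."""
    totals = defaultdict(lambda: defaultdict(int))
    for window, src, _dst, nbytes in flows:
        totals[src][window] += nbytes
    return totals


def build_baseline(flows):
    """Learn per-host (mean, stdev) of bytes per window and the external peers seen."""
    windows = sorted({w for w, *_ in flows})
    stats = {}
    for host, per_window in bytes_per_host_window(flows).items():
        series = [per_window.get(w, 0) for w in windows]  # a silent window counts as 0 bytes
        stats[host] = (mean(series), pstdev(series))
    external_peers = {dst for _w, _s, dst, _b in flows
                      if ipaddress.ip_address(dst) not in INTERNAL}
    return {"stats": stats, "external_peers": external_peers}


def detect(flows, baseline, z=3.0):
    """Score one observation window against the baseline; returns (kind, host, detail) alerts."""
    alerts = []
    stats = baseline["stats"]
    for host, per_window in bytes_per_host_window(flows).items():
        observed = sum(per_window.values())
        if host not in stats:
            alerts.append(("new_device", host, observed))
            continue
        mu, sigma = stats[host]
        # A flat history gives sigma == 0; floor the spread so normal jitter is not a "spike".
        spread = max(sigma, 0.1 * mu, 1.0)
        zscore = (observed - mu) / spread
        if zscore > z:
            alerts.append(("volume_spike", host, round(zscore, 1)))
    for _w, src, dst, _b in flows:
        if ipaddress.ip_address(dst) not in INTERNAL and dst not in baseline["external_peers"]:
            alerts.append(("new_external_peer", src, dst))
    return alerts


BASELINE = build_baseline(BASELINE_FLOWS)
ALERTS = detect(NEW_FLOWS, BASELINE)

if __name__ == "__main__":
    for kind, host, detail in ALERTS:
        print(f"{kind:18} {host:10} {detail}")
```

With the constructed data this raises three alerts: a volume spike for 10.0.0.5 (a z-score of roughly 57 against its history), a new device 10.0.0.9, and a new external peer 203.0.113.7. The floor on the spread matters in practice: a host whose history is perfectly flat has a standard deviation of zero, and without the floor any increase at all would divide by zero or score as infinite.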
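One form of encrypted traffic analysis that needs no decryption, as an added example that is not from the article or from any product it names: scoring the regularity of connection timing between a host and a remote peer. Timer-driven malware check-ins produce intervals with a low coefficient of variation, while a person's browsing is bursty. The constructed connection log, the thresholds, and the use of the (source, destination) pair as the tracked entity are assumptions made for the example.

```python
"""Beacon detection from connection metadata only (no payload needed).

Added example, not code from the article or any product: encrypted sessions
cannot be inspected, but the timing of connections between a host and a
remote peer can. Malware check-ins tend to fire on a fixed timer with small
jitter, so the intervals between connections have a low coefficient of
variation (CV), while human-driven traffic is bursty. The log, thresholds and
the (src, dst) entity key are assumptions made for this example.
"""
from collections import defaultdict
from statistics import fmean, pstdev

# Constructed connection log: (seconds since capture start, src_ip, dst_ip, tls_sni).
CONNECTIONS = [
    # Host A: a check-in every ~60 s with a second or two of jitter.
    (0, "10.0.0.5", "203.0.113.7", "cdn-update.example"),
    (60, "10.0.0.5", "203.0.113.7", "cdn-update.example"),
    (121, "10.0.0.5", "203.0.113.7", "cdn-update.example"),
    (179, "10.0.0.5", "203.0.113.7", "cdn-update.example"),
    (240, "10.0.0.5", "203.0.113.7", "cdn-update.example"),
    (301, "10.0.0.5", "203.0.113.7", "cdn-update.example"),
    (360, "10.0.0.5", "203.0.113.7", "cdn-update.example"),
    # Host B: a person browsing, bursts followed by long idle gaps.
    (0, "10.0.0.6", "198.51.100.10", "news.example"),
    (5, "10.0.0.6", "198.51.100.10", "news.example"),
    (47, "10.0.0.6", "198.51.100.10", "news.example"),
    (300, "10.0.0.6", "198.51.100.10", "news.example"),
    (302, "10.0.0.6", "198.51.100.10", "news.example"),
    (900, "10.0.0.6", "198.51.100.10", "news.example"),
    (1500, "10.0.0.6", "198.51.100.10", "news.example"),
    # Host C: only three connections, too few to judge cadence.
    (0, "10.0.0.7", "203.0.113.9", "api.example"),
    (60, "10.0.0.7", "203.0.113.9", "api.example"),
    (120, "10.0.0.7", "203.0.113.9", "api.example"),
]


def find_beacons(connections, min_connections=6, max_cv=0.2, min_interval=10):
    """Return {(src, dst): stats} for pairs whose connection cadence looks timer-driven."""
    by_pair = defaultdict(list)
    for ts, src, dst, sni in connections:
        by_pair[(src, dst)].append((ts, sni))
    suspects = {}
    for pair, events in by_pair.items():
        if len(events) < min_connections:
            continue  # too few samples; a long-period beacon needs a longer capture
        stamps = sorted(ts for ts, _ in events)
        intervals = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        avg = fmean(intervals)
        if avg < min_interval:
            continue  # very short cadence is more often keep-alives than a check-in
        cv = pstdev(intervals) / avg  # low CV means the gaps are nearly identical
        if cv <= max_cv:
            suspects[pair] = {
                "connections": len(events),
                "mean_interval": round(avg, 1),
                "cv": round(cv, 3),
                "sni": sorted({sni for _, sni in events}),  # handshake metadata, visible without decryption
            }
    return suspects


SUSPECTS = find_beacons(CONNECTIONS)

if __name__ == "__main__":
    for (src, dst), s in SUSPECTS.items():
        print(f"{src} -> {dst}: {s['connections']} connections every "
              f"{s['mean_interval']} s (cv={s['cv']}, sni={s['sni']})")
```

Only the 10.0.0.5 to 203.0.113.7 pair is reported: seven connections about 60 seconds apart with a CV near 0.02. Host C shows the same cadence but is skipped for having too few samples; lowering min_connections to 3 makes it appear, which is why the sample threshold belongs to the analyst rather than the code. Cadence alone also flags legitimate pollers such as update checks, so a hit like this is a triage signal to be combined with the entity's own history, the SNI or certificate it talks to, and payload-size consistency, not a verdict.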
In addition to its uses in data security, many network administrators turn to network traffic analysis for network optimization. For example, Internet providers may use traffic analysis software to identify and track users who utilize a particularly high amount of bandwidth. Other administrators might use traffic analysis software to study when their network comes under the most strain and whether the network is still performing effectively when under higher-than-usual amounts of stress.