GulomovSherzod Rajaboevich et al., International Journal of Emerging Trends in Engineering Research, 8(5), May 2020, 1561 - 1569 1561 Comparative Analysis of Methods Content Filtering Network Traffic Gulomov Sherzod Rajaboevich 1 ,Karimova Dilbar 2 , Akbarova Shokhida Azatovna 3 , Qosimova Gulnora Ismoilovna 4 1 Tashkent University of Information Technologies named after Muhammad al-Khwarizmi, Uzbekistan, sherhisor30@gmail.com 2 Tashkent State Technical University named after Islam Karimov, Uzbekistan, dilbar.karimova.46@mail.ru 3 Tashkent State Technical University named after Islam Karimov, Uzbekistan, sohidaakbarova9@gmail.com 4 Tashkent State Technical University named after Islam Karimov, Uzbekistan, gqosimova@gmail.com ABSTRACT In this paper are analyzed the technical methods for filtering network traffic, their advantages and disadvantages. As well as A comparative analysis are carried out of the method of monitoring and filtering network traffic by intercepting network packets implementing deep packet analysis technologies, the machine learning method Random Forest for filtering traffic, which is an ensemble method that works by constructing many decision trees, the method of filtering traffic by calculating the entropy increment for each of the filter attributes, the method of filtering http-packets allows you to reduce the user waiting time for the requested information and the scheme protection of information availability algorithm based on neural network system. Key words: Distortion, Random Forest, F1-measure, InfoGain, entropy, neural network, sign-class. 1. INTRODUCTION The development of Internet technologies has led to significant changes in the operation of network resources. At the present stage, a huge number of organizations require optimization of network space. Often, users do not understand how much the channel is “clogs up” with the irrational use of Internet connections. This includes watching online videos, online games, and many other factors of abuse in the workplace. Therefore, an extraordinary requirement for the system administrator is the optimization of network resources, filtering and traffic analysis. Based on the criteria obtained, it is possible to determine what are the main problems that overload the corporate network:  uncontrolled users downloading large files from the network;  security problems caused by the lack of control over which sites the organization’s employees visit;  irrational use of working time - online games, viewing entertainment resources on the Internet;  an uncontrolled connection via VPN with production servers, which can lead to viruses on the corporate network. In line with the statistics from the BrightCloud research center, in the absence of flexible filtering, the share of unnecessary and even dangerous sites in the total traffic of the corporate network is about 42% and only 36% of the resources are considered useful and relevant to the work.Controversial resources include 22% of sites visited. The leaders among the sites are social networks, videos and generating heavy traffic - flash banners.Due to the above problems, filtering issues come first in large companies. To provide security and rational management of corporate network traffic, it is necessary to properly manage network performance. 2. TECHNICAL METHODS FOR FILTERING NETWORK TRAFFIC There are several ways to filter traffic at different levels of the TCP/IP stack. Each TCP/IP packet is characterized by 4 parameters: source IP address, destination IP address, source and destination ports. Knowing the source IP address, it can determine which of the users sent this packet, and knowing the IP address and destination port, you can understand who this packet is for and whether it is necessary to check this packet and the entire TCP/IP session [1]. By collecting and proxy the traffic of the required TCP/IP sessions, you can get additional information for filtering HTTPS requests, such as: request URL, domain and request body. For this information, you can use various filtering methods. IP Blocking When using this method, the server on which the unwanted material is located becomes completely inaccessible to the user. However, taking into account modern technologies, thousands of sites and other services, such as FTP or email, can be located on one IP address, so blocking it will result in all of them becoming inaccessible. Due to the low accuracy of this method, countries use it with caution. DNS Distortion When a user accesses any site, the computer sends a request to the DNS server in order to convert the domain name into an IP address. If this method is used, the DNS server returns an invalid address, and the site is inaccessible. Distorting a DNS record can also be implemented without the use of additional equipment. For example, China periodically deprives its users of access to ISSN 2347 - 3983 Volume 8. No. 5, May 2020 International Journal of Emerging Trends in Engineering Research Available Online at http://www.warse.org/IJETER/static/pdf/file/ijeter15852020.pdf https://doi.org/10.30534/ijeter/2020/15852020