Network forensic system for port scanning attack

Bibliographic Details
Main Authors: Kaushik, A.K., Pilli, E.S., Joshi, R.C.
Format: Conference Proceeding
Language: English
Description
Summary: Internet is facilitating numerous services while being the most commonly attacked environment. Hackers attack the vulnerabilities in the protocols used and there is a serious need to prevent, detect, mitigate and identify the source of the attacks. Network forensics involves monitoring network traffic and determining if the anomaly in the traffic indicates an attack. The network forensic techniques enable investigators to trace and prosecute the attackers. This paper proposes a simple architecture for network forensics to overcome the problem of handling large volumes of network data and the resource intensive processing required for analysis. It uses open source network security tools to collect and store the data. The system is tested against various port scanning attacks and the results obtained illustrate the effectiveness in its storage and processing capabilities. The model can be extended to add detection and investigation of various attacks.
DOI: 10.1109/IADCC.2010.5422935