IJMECS Vol. 5, No. 10, 8 Oct. 2013
Anomaly Detection, Network Traffic Analysis, Port Scanning
Along with the growth of computer systems and networks, mysterious and malicious threats and attacks on computer systems are also increasing exponentially. There is a need for continuous evaluation of the security of a network and for enhancement of the network attack detection system, so that it can detect different attacks along with their characteristics. In previous work, the port scan attack was considered a precursor to an attack, and the target was to provide a mitigation technique for that particular port scan attack. There have been relatively few empirical studies of port scan related attacks, and those that do exist may no longer reflect the impact of such attacks on the functionality of the UTM/network device and on the network. To address this gap, this experiment is carried out in a fully controlled test bed environment in which a variety of attacks can be simulated, the impact of the attack(s) is analyzed, and an appropriate mitigation technique is suggested to mitigate the port scan attack. The experimental results indicate that implementing port scan mitigation on the UTM helps reduce the load on the UTM device and reduces network congestion effectively.
Ashvin Alagiya, Hiren Joshi, Ashish Jani, "Performance Analysis and Enhancement of UTM Device in Local Area Network", International Journal of Modern Education and Computer Science (IJMECS), vol.5, no.10, pp.43-52, 2013. DOI:10.5815/ijmecs.2013.10.06