Title :
Network forensic system for port scanning attack
Author :
Kaushik, Atul Kant ; Pilli, Emmanuel S. ; Joshi, R.C.
Author_Institution :
Dept. of Electron. & Comput. Eng., Indian Inst. of Technol. Roorkee, Roorkee, India
Abstract :
The Internet is facilitating numerous services while being the most commonly attacked environment. Hackers attack the vulnerabilities in the protocols used and there is a serious need to prevent, detect, mitigate and identify the source of the attacks. Network forensics involves monitoring network traffic and determining if the anomaly in the traffic indicates an attack. The network forensic techniques enable investigators to trace and prosecute the attackers. This paper proposes a simple architecture for network forensics to overcome the problem of handling large volumes of network data and the resource-intensive processing required for analysis. It uses open source network security tools to collect and store the data. The system is tested against various port scanning attacks and the results obtained illustrate the effectiveness in its storage and processing capabilities. The model can be extended to add detection and investigation of various attacks.
Keywords :
Internet; security of data; telecommunication traffic; Internet; network data; network forensic system; network traffic; open source network security tools; port scanning attack; resource intensive processing; Computer networks; Data security; Forensics; Hardware; Information analysis; Internet; Intrusion detection; Monitoring; Protocols; Telecommunication traffic; FIFO; NFATs; network forensics; port scanning; snort;
Conference_Title :
Advance Computing Conference (IACC), 2010 IEEE 2nd International
Conference_Location :
Patiala
Print_ISBN :
978-1-4244-4790-9
Electronic_ISBN :
978-1-4244-4791-6
DOI :
10.1109/IADCC.2010.5422935