Application Layer Based Packet Analysis And Intrusion Detection

  ijett-book-cover  International Journal of Engineering Trends and Technology (IJETT)          
  
© 2012 by IJETT Journal
Volume-3 Issue-4                          
Year of Publication : 2012
Authors :  BONTHAGORLA VENKATA KOTESWARAO , SHAIK SALMA BEGU

Citation 

BONTHAGORLA VENKATA KOTESWARAO , SHAIK SALMA BEGU. "Application Layer Based Packet Analysis And Intrusion Detection". International Journal of Engineering Trends and Technology (IJETT). V3(4):552-556 Jul-Aug 2012. ISSN:2231-5381. www.ijettjournal.org. published by seventh sense research group.

Abstract

Network forensics is basically a new approach when it comes to the network information security, because the IDS and firewall cannot always discover and stop the misuse in the whole network. This proposed work is used to capture and analyze the data exchanged among the many different IP traceback techniques like packet marking that assist a forensic investigator to recognize the promicious ip source packets. The proposed network forensics only focus on the network traffic capture,arp spoofing,mac spoofing,attack alerting and traffic replay, that often results in the performance of forensics analysis difficulties. In this particular paper, the frameworks of distributed real time network intrusion forensics system, that`s deployed in local area network environment is analyzed and investigated.

References

[1] Yanet Manzano and Alec Yasinsac, “Policies to Enhance Computer and Network Forensics”, The 2 nd Annual IEEE Systems, Man, and Cybernetics Information Assurance Workshop, at the United States Military Academy , June 2001
[2] S. Ioannidis, K. G. Anagnostakis, J. Ioannidis, and A. D. Keromytis. “xPF: packet filtering for lowcost network monitoring”. In Proceedings of the IEEE Workshop on High - Performance Switching and Routing (HPSR), pages 121 -- 126, May 2002.
[3] 10.S. McCanne and V. Jacobson. The BSD packet fil ter: A new architecture for user - level packet capture. In Proc. of the USENIX Technical Conf., Winter 1993
[4] D.Wang, R.Hao, D.Lee. Fault detection in rule - based software systems. Information and Software Technology . 2003. 45(12): 865 - 871.
[5]Application Layer Information Forensics based on Packet Analysis Ruining Guo, Tianjie Cao, Xuan Luo, 2010 International Conference of Information Science and Management Engineering
[6] IEEEStd1003.1.2001. http://standards.ieee.org/reading/ieee/std/posix/ 1003.1 - 2001_vo l3.pdf
[7] W.Ren, H.Jin. Distributed Agent - based Real Time Network Intrusion Forensics System Architecture Design. In Proceedings of the 19 th International Conference on Advanced Information Networking and Applications (AINA’05) . Taipei, Taiwan.
[8] Postel , J. Internet Control Message Protocol, RFC 792. http:// tools.ietf.org/html/rfc0792 [8] Comer, D.E. and Stevens, D.L. 1991. Internetworking with TCP/IP.
[9]SANS Institute Reading Room. ICMP attack illustrated. http://www.sans.org/reading_room/whitepapers/threats/ic mp_attacks_illustrated_477?show=477.php&cat=threats
[10] Kenney, M. Ping of death. http://www.insecure.org/sploits/ping - o - death.html.
[11] Kumar, S. 2007. Smurf - based Dist ributed Denial of Service (DDoS) Attack Amplification in Internet. In Proceedings of International Conference on Internet Monitoring and Protection.