Network forensic system for port scanning attack

Abstract

Internet is facilitating numerous services while being the most commonly attacked environment. Hackers attack the vulnerabilities in the protocols used and there is a serious need to prevent, detect, mitigate and identify the source of the attacks. Network forensics involves monitoring network traffic and determining if the anomaly in the traffic indicates an attack. The network forensic techniques enable investigators to trace and prosecute the attackers. This paper proposes a simple architecture for network forensics to overcome the problem of handling large volumes of network data and the resource intensive processing required for analysis. It uses open source network security tools to collect and store the data. The system is tested against various port scanning attacks and the results obtained illustrate the effectiveness in its storage and processing capabilities. The model can be extended to add detection and investigation of various attacks.