Network Traffic Analysis for Real-Time Detection of Cyber Attacks

Mansi Patel, S. Prabhu, A. Agrawal
Published in: 2021 8th International Conference on Computing for Sustainable Global Development (INDIACom), 2021-03-17
DOI: 10.1109/INDIACom51348.2021.00113 (https://doi.org/10.1109/INDIACom51348.2021.00113)

Abstract

Preventing cyberattacks has been a concern for any organization. In this research, the authors propose a novel method to detect cyberattacks by monitoring and analyzing network traffic. It was observed that the various log files created on the server do not contain all the relevant traces needed to detect a cyberattack. Hence, the HTTP traffic to the web server was analyzed to detect any potential cyberattacks. To validate the research, a web server was simulated using the open-source Damn Vulnerable Web Application (DVWA), and the cyberattacks were simulated as per the OWASP standards. A Python program was scripted that captured the network traffic to the DVWA server. This traffic was analyzed in real time by reading the various HTTP parameters, viz. URLs, GET/POST methods and the dependencies. The results were found to be encouraging, as all the simulated attacks could be successfully detected in real time. This work can be used as a template by various organizations to prevent any insider threat by monitoring the internal HTTP traffic.