Network forensic system for port scanning attack
Authors: A. Kaushik, E. Pilli, R. Joshi
Published in: 2010 IEEE 2nd International Advance Computing Conference (IACC), March 2010
DOI: 10.1109/IADCC.2010.5422935 (https://doi.org/10.1109/IADCC.2010.5422935)
Citation count (Semantic Scholar): 27
The Internet facilitates numerous services while being the most commonly attacked environment. Attackers exploit vulnerabilities in the protocols in use, so there is a serious need to prevent, detect and mitigate attacks and to identify their source. Network forensics involves monitoring network traffic and determining whether an anomaly in the traffic indicates an attack; its techniques enable investigators to trace and prosecute attackers. This paper proposes a simple architecture for network forensics that addresses the problem of handling large volumes of network data and the resource-intensive processing required for analysis. It uses open source network security tools to collect and store the data. The system is tested against various port scanning attacks, and the results illustrate the effectiveness of its storage and processing capabilities. The model can be extended to add detection and investigation of other attacks.
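The abstract describes deciding whether an anomaly in captured traffic indicates a port scan. The following is an added example of that decision step, written for this page and not code from the paper or its authors: a sliding-window detector over per-connection records that flags a vertical scan (one source, many ports on one host) and a horizontal scan (one source, one port across many hosts), and keeps the backing records as evidence. The record layout, the flag notation ("S" for a bare SYN), the 10-second window and the thresholds of 10 ports or 10 hosts are assumptions for illustration; the input below is constructed, not a real capture.

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Flow:
    """One captured connection attempt (assumed record layout)."""
    ts: float     # capture time in seconds
    src: str      # source IP
    dst: str      # destination IP
    dport: int    # destination TCP port
    flags: str    # assumed notation: "S" bare SYN, "SA" SYN-ACK, "R" RST


@dataclass
class ScanReport:
    src: str
    kind: str                 # "vertical" (many ports, one host) or "horizontal" (one port, many hosts)
    first_seen: float
    last_seen: float
    targets: set = field(default_factory=set)   # ports (vertical) or hosts (horizontal) touched
    probes: set = field(default_factory=set)    # the Flow records that back the finding

    @property
    def syn_only(self):
        """Number of bare-SYN probes, consistent with a half-open (SYN) scan."""
        return sum(1 for p in self.probes if p.flags == "S")


def detect_scans(flows, window=10.0, port_threshold=10, host_threshold=10):
    """For each source, examine the probes within `window` seconds and report a
    vertical scan when they touch >= port_threshold distinct ports on one host,
    or a horizontal scan when they touch >= host_threshold hosts on one port.
    Repeated hits for the same (source, kind) extend one report rather than
    producing duplicates."""
    by_src = defaultdict(list)
    for f in sorted(flows, key=lambda f: f.ts):
        by_src[f.src].append(f)

    reports = {}

    def record(src, kind, backing, targets):
        rep = reports.setdefault(
            (src, kind), ScanReport(src, kind, backing[0].ts, backing[-1].ts))
        rep.first_seen = min(rep.first_seen, backing[0].ts)
        rep.last_seen = max(rep.last_seen, backing[-1].ts)
        rep.targets |= targets
        rep.probes |= set(backing)

    for src, probes in by_src.items():
        start = 0
        for end, cur in enumerate(probes):
            # slide the window: drop probes older than `window` seconds
            while probes[start].ts < cur.ts - window:
                start += 1
            win = probes[start:end + 1]
            ports_per_host = defaultdict(set)
            hosts_per_port = defaultdict(set)
            for p in win:
                ports_per_host[p.dst].add(p.dport)
                hosts_per_port[p.dport].add(p.dst)
            for host, ports in ports_per_host.items():
                if len(ports) >= port_threshold:
                    record(src, "vertical", [p for p in win if p.dst == host], ports)
            for port, hosts in hosts_per_port.items():
                if len(hosts) >= host_threshold:
                    record(src, "horizontal", [p for p in win if p.dport == port], hosts)
    return sorted(reports.values(), key=lambda r: (r.first_seen, r.src))


def sample_flows():
    """Constructed records for demonstration; not a real capture."""
    flows = []
    # vertical SYN scan: one source sweeps ports 20..39 on a single host within 2 s
    for i in range(20):
        flows.append(Flow(100.0 + i * 0.1, "10.0.0.5", "192.168.1.10", 20 + i, "S"))
    # horizontal scan: one source probes port 445 on twelve hosts within 6 s
    for i in range(12):
        flows.append(Flow(200.0 + i * 0.5, "10.0.0.7", f"192.168.1.{i + 1}", 445, "S"))
    # benign client: two services on one host, below any threshold
    flows += [Flow(300.0, "10.0.0.9", "192.168.1.10", 80, "S"),
              Flow(300.1, "10.0.0.9", "192.168.1.10", 443, "S")]
    return flows


if __name__ == "__main__":
    for r in detect_scans(sample_flows()):
        print(f"{r.src}: {r.kind} scan, {len(r.targets)} targets, "
              f"{r.syn_only} bare-SYN probes, {r.first_seen:.1f}-{r.last_seen:.1f}s")
```

Keeping the backing `Flow` records in each report is the forensic point: a detector that emits only "10.0.0.5 scanned" leaves nothing for an investigator to replay, while the retained probes can be tied back to the stored capture by timestamp and 5-tuple. The thresholds and window are tuning knobs; a slow scan that spaces probes further apart than the window evades this simple version.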