Sunday, 24 Nov, 2024

+91-9899775880

011-47044510

011-49075396

An Open Source Threat Detection Engine With Visualization Framework To Uncover Threats From Offline PCAP Files

National Journal of System and Information Technology

Volume 11 Issue 2

Published: 2018
Author(s) Name: Amit Mahajan, Maninder Singh, Vibhakar Mansotra | Author(s) Affiliation: System Analyst, University of Jammu, Jammu & Kashmir, India.
Locked Subscribed Available for All

Abstract

Campus networks are always vulnerable to attacks with the use of technology and vast expansion in the usage of computer networks. Intrusion detection as part of network security and monitoring involves reviewing and examining of large network traffic data. Therefore, many techniques have been devised in detecting and preventing such attacks, but it’s very difficult to analysis the network attacks in small captured packets. Therefore, analysis of full captured packets is more valuable to study the occurrence and type of attacks. The aim of the study is to prevail over this issue, therefore, a framework is proposed to capture, read big pcap files captured from the campus networks. These captured pcap files at different interval of times are processed for offline packet analysis that help us to detect and analyze various types of attacks, with signatures and counts etc. The result so obtained from the proposed threat detection engine explains that it has the ability to capture and identify enormous types of attacks in offline mode to uncover the threats with the ability to read big pcap files in Giga bits due to its multithreading and hardware acceleration capabilities.

Keywords: Network Attacks, IDS or IPS, PCAPs, Visualization, Threat Detection Engine

View PDF

Refund policy | Privacy policy | Copyright Information | Contact Us | Feedback © Publishingindia.com, All rights reserved