An Open Source Threat Detection Engine With Visualization Framework To Uncover Threats From Offline PCAP Files
Published: 2018
Author(s) Name: Amit Mahajan, Maninder Singh, Vibhakar Mansotra
Author(s) Affiliation: System Analyst, University of Jammu, Jammu & Kashmir, India.
Abstract
Campus networks are increasingly exposed to attacks as the use of technology and the reach of computer networks expand. Intrusion detection, as part of network security monitoring, involves reviewing and examining large volumes of network traffic data. Many techniques have been devised to detect and prevent such attacks, but it is very difficult to analyze network attacks from partially captured packets; analysis of fully captured packets is therefore more valuable for studying the occurrence and type of attacks. The aim of this study is to overcome this issue, so a framework is proposed to capture and read large pcap files taken from campus networks. These pcap files, captured at different intervals of time, are processed for offline packet analysis, which helps to detect and analyze various types of attacks, with signatures, counts, etc. The results obtained from the proposed threat detection engine show that it is able to capture and identify a large number of attack types in offline mode, uncovering threats while reading pcap files of gigabit scale, owing to its multithreading and hardware acceleration capabilities.
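To make the offline pass described in the abstract concrete (read a pcap file, decode the packets, match signatures, keep counts), the following is an added example written for this page; it is not code from the paper or from its threat detection engine. It handles only classic libpcap files (not pcapng) with Ethernet/IPv4/TCP frames, the two content signatures and the SYN-sweep threshold are hypothetical example rules, the sample capture is constructed inline with zeroed checksums, and the multithreading and hardware acceleration the abstract mentions are not shown.

```python
"""Offline pcap threat-detection pass (added example): parse a libpcap file,
decode Ethernet/IPv4/TCP, apply content signatures plus a stateful port-scan
rule, and return per-signature and per-source hit counts."""
import struct
from collections import Counter, defaultdict

LINKTYPE_ETHERNET = 1
SYN, ACK = 0x02, 0x10

# Hypothetical example rules, not from the paper.
CONTENT_SIGNATURES = {
    "sqli_or_1_eq_1": b"' OR 1=1",
    "path_traversal": b"/../",
}
SCAN_PORT_THRESHOLD = 5  # distinct SYN-only destination ports from one source


def ip_str(b):
    return ".".join(str(x) for x in b)


def iter_pcap_records(blob):
    """Yield (ts_sec, ts_usec, frame) from a libpcap blob, honouring the
    magic-number endianness and stopping cleanly at a truncated last record."""
    if len(blob) < 24:
        raise ValueError("short pcap header")
    magic = struct.unpack_from("<I", blob, 0)[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("unsupported pcap magic %#x (pcapng not handled)" % magic)
    if struct.unpack_from(endian + "I", blob, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type handled")
    off = 24
    while off + 16 <= len(blob):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", blob, off)
        off += 16
        frame = blob[off:off + incl_len]
        if len(frame) < incl_len:
            break  # capture cut off mid-record: stop rather than mis-parse
        off += incl_len
        yield ts_sec, ts_usec, frame


def decode_tcp(frame):
    """Return (src, dst, sport, dport, flags, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack_from("!H", ip, 2)[0]
    if ip[9] != 6 or ihl < 20 or len(ip) < total_len:
        return None
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack_from("!HH", tcp, 0)
    doff = (tcp[12] >> 4) * 4
    return ip_str(ip[12:16]), ip_str(ip[16:20]), sport, dport, tcp[13], tcp[doff:]


def detect(blob):
    """Run all rules over a pcap blob; return (hits by signature, hits by source IP)."""
    hits, by_src = Counter(), defaultdict(Counter)
    syn_ports, flagged = defaultdict(set), set()  # per-source ports probed with SYN only
    for _ts, _us, frame in iter_pcap_records(blob):
        pkt = decode_tcp(frame)
        if pkt is None:
            continue
        src, _dst, _sport, dport, flags, payload = pkt
        for name, pattern in CONTENT_SIGNATURES.items():
            if pattern in payload:
                hits[name] += 1
                by_src[src][name] += 1
        if flags & SYN and not flags & ACK:
            syn_ports[src].add(dport)
            if len(syn_ports[src]) >= SCAN_PORT_THRESHOLD and src not in flagged:
                flagged.add(src)  # report one scan event per source, not per probe
                hits["tcp_port_scan"] += 1
                by_src[src]["tcp_port_scan"] += 1
    return dict(hits), {s: dict(c) for s, c in by_src.items()}


def build_frame(src, dst, sport, dport, flags, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame (checksums left zero, fine for offline parsing)."""
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split(".")))
    return eth + ip + tcp


def build_sample_pcap():
    """Constructed capture: a six-port SYN sweep, one benign request, one SQLi probe,
    and a truncated final record as left by an interrupted capture."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    frames = [build_frame("10.0.0.5", "10.0.0.10", 40000 + i, p, SYN)
              for i, p in enumerate((21, 22, 23, 25, 80, 443))]
    frames.append(build_frame("10.0.0.7", "10.0.0.10", 51000, 80, ACK, b"GET / HTTP/1.1\r\n"))
    frames.append(build_frame("10.0.0.8", "10.0.0.10", 51001, 80, ACK,
                              b"GET /login?u=admin' OR 1=1-- HTTP/1.1\r\n"))
    body = b"".join(struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
                    for i, f in enumerate(frames))
    return header + body + struct.pack("<IIII", 1700000099, 0, 60, 60) + b"\x00" * 10


if __name__ == "__main__":
    print(detect(build_sample_pcap()))
```

The truncated-record check matters in practice: captures rotated at fixed intervals or killed mid-write routinely end in a partial record, and a reader that trusts `incl_len` blindly will either raise or silently misalign every subsequent packet. The port-scan rule is stateful across the whole file rather than windowed by time, which is the simplest form; a production engine would key it on the record timestamps as well.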
Keywords: Network Attacks, IDS or IPS, PCAPs, Visualization, Threat Detection Engine