nach oben

Erschienen in:

2017 | Supplement | Buchkapitel

6. Practical Tools for Attackers and Defenders

verfasst von : Monowar H. Bhuyan, Dhruba K. Bhattacharyya, Jugal K. Kalita

Erschienen in: Network Traffic Anomaly Detection and Prevention

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

A tool is usually developed for a specific purpose with respect to a specific task. For example, nmap is a security scanning tool to discover open host or network services. Network security tools provide methods to network attackers as well as network defenders to identify vulnerabilities and open network services. This chapter is composed of three major parts, discussing practical tools for both network attackers and defenders. In the first part, we discuss tools an attacker may use to launch an attack in real-time environment. In the second part, tools for network defenders to protect enterprise networks are covered. Such tools are used by network defenders to minimize occurrences of precursors of attacks. In the last part, we discuss an approach to develop a real-time network traffic monitoring and analysis tool. We include code for launching of attack, sniffing of traffic, and visualization them to distinguish attacks. The developed tool can detect attacks and mitigate the same in real time within a short time interval. Network attackers intentionally try to identify loopholes and open services and also gain related information for launching a successful attack.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Alert Management and Anomaly Prevention Techniques

Nächstes Kapitel Evaluation Criteria

http://spot-act.heck.in/queso-scanner-v-0-5.xhtml

http://www.perlmagic.org/

Aydın, M., Zaim, A., Ceylan, K.: A hybrid intrusion detection system design for computer network security. Comput. Electr. Eng. 35(3), 517–526 (2009)CrossRefMATH

Beverly, R.: A robust classifier for passive TCP/IP fingerprinting. In: Passive and Active Network Measurement, Antibes Juan-les-Pins, pp. 158–167 (2004)

Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K.: NADO: network anomaly detection using outlier approach. In: Proceedings of the International Conference on Communication, Computing & Security, Odisha, pp. 531–536. ACM (2011)

Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K.: Survey on incremental approaches for network anomaly detection. Int. J. Commun. Netw. Inf. Secur. 3(3), 226–239 (2011)

Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K.: Network anomaly detection: methods, systems and tools. IEEE Commun. Surv. Tutorials 16(1), 303–336 (2014). doi:10.1109/SURV.2013.052213.00046 CrossRef

CAIDA: The cooperative analysis for Internet data analysis (2011). http://www.caida.org

Chen, W.H., Hsu, S.H., Shen, H.P.: Application of SVM and ANN for intrusion detection. Comput. Oper. Res. 32(10), 2617–2634 (2005)CrossRefMATH

Danielle, L.: Introduction to Dsniff. In: Global Information Assurance Certification Paper. SANS Institute (2002)

Debar, H., Dacier, M., Wespi, A.: Towards a taxonomy of intrusion-detection systems. Comput. Netw. 31(9), 805–822 (1999)CrossRef

10.

Garber, L.: Denial-of-service attacks RIP the Internet. Computer 33(4), 12–17 (2000). doi:10.1109/MC.2000.839316 CrossRef

11.

Girardin, L.: An eye on network intruder-administrator shootouts. In: Proceedings of the 1st Conference on Workshop on Intrusion Detection and Network Monitoring, ID’99, vol. 1, pp. 3–3. USENIX Association, Berkeley (1999)

12.

Inselberg, A., Dimsdale, B.: Parallel coordinates: a tool for visualizing multi-dimensional geometry. In: Proceedings of the 1st Conference on Visualization ’90, VIS 90, pp. 361–378. IEEE Computer Society Press, Los Alamitos (1990). http://dl.acm.org/citation.cfm?id=949531.949588

13.

Jemili, F., Zaghdoud, M., Ben Ahmed, M.: A framework for an adaptive intrusion detection system using Bayesian network. In: Proceedings of the IEEE Intelligence and Security Informatics, pp. 66–70 (2007)

14.

jNetPcap: jNetPcap – what is it?. http://jnetpcap.com/

15.

Kallitsis, M.G., Stoev, S., Bhattacharya, S., Michailidis, G.: AMON: an open source architecture for online monitoring, statistical analysis and forensics of multi-gigabit streams. CoRR abs/1509.00268 (2015)

16.

Li, X., Bian, F., Crovella, M., Diot, C., Govindan, R., Iannaccone, G., Lakhina, A.: Detection and identification of network anomalies using sketch subspaces. In: Proceedings of the 6th ACM SIGCOMM Conference on Internet Measurement, IMC ’06, pp. 147–152. ACM, New York (2006)

17.

Lippmann, R.P., Cunningham, R.K.: Improving intrusion detection performance using keyword selection and neural networks. Comput. Netw. 34(4), 597–603 (2000)CrossRef

18.

MIT Lincoln Laboratory Datasets: MIT LLS_DDOS_0.2.2 (2000). http://www.ll.mit.edu/mission/communications/cyber/CSTcorpora/ideval/data/2000data.html

19.

Moore, D., Shannon, C., Brown, D.J., Voelker, G.M., Savage, S.: Inferring Internet Denial-of-service activity. ACM Trans. Comput. Syst. 24(2), 115–139 (2006). doi:10.1145/1132026.1132027 CrossRef

20.

Norton, D.: An Ettercap Primer. In: SANS Institute InfoSec Reading Room (2004)

21.

Ranjan, S., Swaminathan, R., Uysal, M., Knightly, E.: DDoS-resilient scheduling to counter application layer attacks under imperfect detection. In: Proceedings of the 25th IEEE International Conference on Computer Communications, pp. 1–13 (2006)

22.

Rnmap: Rnmap – remote nmap. http://rnmap.sourceforge.net/

23.

Schiffman, M.D.: Libnet 101, Part 1: the primer. In: Guardent Security Digital Infrastructure, pp. 1–10 (2000)

24.

Shah, S.: An Introduction to HTTP Fingerprinting. Net-Square Solutions (2004)

25.

Singh, S., Estan, C., Varghese, G., Savage, S.: Automated worm fingerprinting. In: Proceedings of the 6th Conference on Symposium on Operating Systems Design & Implementation, vol. 6, pp. 4–4. USENIX Association, Berkeley (2004)

26.

Whalen, Kevin: DDoS Attacks: Beware Headline Risk. https://www.arbornetworks.com/blog/insight/ddos-attacks-beware-headline-risk/

27.

Xie, Y., Yu, S.Z.: Monitoring the application-layer DDoS attacks for popular websites. IEEE/ACM Trans. Netw. 17(1), 15–25 (2009)CrossRef

28.

Yarochkin, F.: Remote OS detection via TCP/IP stack fingerprinting. Phrack Mag. 17(3) (1998)

29.

Ye, N., Ehiabor, T., Zhang, Y.: First-order versus high-order stochastic models for computer intrusion detection. Qual. Reliab. Eng. Int. 18(3), 243–250 (2002)CrossRef

30.

Yeung, K.H., Fung, D., Wong, K.Y.: Tools for attacking layer 2 network infrastructure. In: Proceedings of the International MultiConference of Engineers and Computer Scientists, Hong Kong, vol. 2, pp. 1–6 (2008)

31.

Yin, X., Yurcik, W., Treaster, M., Li, Y., Lakkaraju, K.: VisFlowConnect: netflow visualizations of link relationships for security situational awareness. In: Workshop on Visualization and Data Mining for Computer Security (VizSEC/DMSEC 2004), Washington DC, 29 Oct 2004, pp. 26–34 (2004). doi:10.1145/1029208.1029214

32.

Yu, J., Li, Z., Chen, H., Chen, X.: A detection and offense mechanism to defend against application layer DDoS attacks. In: Proceedings of the 3rd International Conference on Networking and Services, pp. 54–54. IEEE (2007)

Titel: Practical Tools for Attackers and Defenders
verfasst von: Monowar H. Bhuyan
Dhruba K. Bhattacharyya
Jugal K. Kalita
Verlag: Springer International Publishing
Buch: Network Traffic Anomaly Detection and Prevention
Print ISBN: 978-3-319-65186-6

Electronic ISBN: 978-3-319-65188-0

Copyright-Jahr: 2017
DOI: https://doi.org/10.1007/978-3-319-65188-0_6

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"