Improving the Capabilities of Wireshark as a Tool for Intrusion Detection in DoS Attacks

Network anomaly detection is an important and active research area. Signal processing techniques have recently been applied to analyzing and detecting network anomalies because of their potential to find novel or unknown intrusions. Flooding is a kind of attack in which the attacker sends a large number of packets to the victim or an associated service in an effort to bring down the system. There are different types of flooding attacks, such as ping floods, SYN floods and UDP (User Datagram Protocol) floods. The project simulates a ping flood scenario using the ping command on the operating system (OS) while Wireshark is installed on the victim system; Wireshark is used to analyze the number of ping packets received during a specified period with reference to a threshold, on the basis of which a flooding attack is detected. In Wireshark, all ping requests arrive at a single port, so handling all of the requests there is not accurate. This paper briefly discusses how the Wireshark tool works, the disadvantages of the Wireshark tool, the use of a traceback mechanism, and the improvements made to the Wireshark tool.
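The detection rule described above (count ping packets received in a fixed period and compare the count with a threshold) is small enough to show end to end. The following is an added example and not the paper's own code or its Wireshark modification: it buckets ICMP echo requests into fixed time windows and raises an alert when any window exceeds a threshold. It goes one step beyond the single aggregate counter the abstract describes by keeping a separate count per source address, which is an assumption made here for illustration, chosen because a per-source count also tells the defender where a flood came from. The packet records are constructed inline; in practice they would come from a capture tool.

```python
"""Threshold-based ping-flood detection over fixed time windows.

Added example, not code from the paper. Input is a list of decoded ICMP
packet records; the sample below is constructed for the demonstration.
"""
from collections import defaultdict
from dataclasses import dataclass

ICMP_ECHO_REQUEST = 8  # ICMP type 8 = echo request (what "ping" sends)
ICMP_ECHO_REPLY = 0    # ICMP type 0 = echo reply (the victim's answers; ignored)


@dataclass(frozen=True)
class IcmpPacket:
    ts: float        # capture timestamp in seconds
    src: str         # source IPv4 address
    icmp_type: int   # ICMP type field


def echo_requests_per_window(packets, window_len=1.0):
    """Count echo requests per (window index, source address).

    Windows are fixed-length slots of `window_len` seconds measured from
    the earliest packet, so every packet falls into exactly one window.
    """
    if not packets:
        return {}
    t0 = min(p.ts for p in packets)
    counts = defaultdict(int)
    for p in packets:
        if p.icmp_type != ICMP_ECHO_REQUEST:
            continue  # replies and other ICMP types do not count toward a flood
        bucket = int((p.ts - t0) // window_len)
        counts[(bucket, p.src)] += 1
    return dict(counts)


def detect_ping_flood(packets, window_len=1.0, threshold=50):
    """Return sorted (window index, source, count) alerts above the threshold.

    `threshold` is the maximum number of echo requests one source may send
    in a single window before the window is flagged as a flood.
    """
    counts = echo_requests_per_window(packets, window_len)
    return sorted(
        (bucket, src, n) for (bucket, src), n in counts.items() if n > threshold
    )


# Constructed sample capture: a well-behaved host pings once per second,
# while a second host sends 120 echo requests within one second, and the
# victim answers the well-behaved host's pings (echo replies, type 0).
SAMPLE_PACKETS = (
    [IcmpPacket(float(s), "10.0.0.5", ICMP_ECHO_REQUEST) for s in range(5)]
    + [IcmpPacket(float(s) + 0.001, "10.0.0.1", ICMP_ECHO_REPLY) for s in range(5)]
    + [IcmpPacket(2.0 + i * 0.005, "10.0.0.99", ICMP_ECHO_REQUEST) for i in range(120)]
)


if __name__ == "__main__":
    for bucket, src, n in detect_ping_flood(SAMPLE_PACKETS, window_len=1.0, threshold=50):
        print(f"window {bucket}: {n} echo requests from {src} exceed threshold")
```

To feed real traffic into the same functions, the timestamps, sources and ICMP types can be exported from a capture with Wireshark's own fields (`frame.time_epoch`, `ip.src`, `icmp.type`), for example through tshark's field output, and mapped onto `IcmpPacket`. The threshold and window length are site-specific: the baseline rate of legitimate echo requests should be measured before choosing values, otherwise monitoring hosts that ping frequently will be flagged.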