Automated Scalable Platform for Packet Traffic Analysis

Master thesis, English, open access
Miguel José Cavadas Santos
(2016)
  • Subject: Electrical engineering, Electronic engineering, Information engineering [Engineering and technology]

    Table of contents

    1 Introduction (p. 1)
      1.1 Context (p. 1)
      1.2 Motivation (p. 2)
      1.3 Objectives (p. 3)
      1.4 Structure (p. 4)

    2 State of the Art (p. 5)
      2.1 Network Monitoring and Packet Logging (p. 5)
        2.1.1 TCPDump and Libpcap (p. 5)
        2.1.2 Wireshark (p. 6)
        2.1.3 SmartSniff, WinPcap and WinDump (p. 6)
        2.1.4 Network Monitoring Tools (p. 7)
      2.2 KDD99 Dataset (p. 7)
        2.2.1 Classifying Network Traffic (p. 8)
        2.2.2 Anomaly Detection in Network Traffic (p. 9)
      2.3 Intrusion Detection Systems (p. 10)
        2.3.1 SNORT (p. 11)
        2.3.2 Bro Network Security Monitor (p. 13)
      2.4 Distributed Computing (p. 13)
        2.4.1 Hadoop Platform (p. 14)
        2.4.2 Hadoop for Intrusion Detection (p. 15)
        2.4.3 Packetpig (p. 15)
      2.5 Discussion (p. 16)

    3 Developed Platform: The Hunter (p. 17)
      3.1 Initial Setup (p. 18)
      3.2 The Capturer (p. 19)
      3.3 The Packet Hunter (p. 21)
        3.3.1 Normal Use (p. 22)
        3.3.2 Use with MapReduce (p. 24)
      3.4 Other Scripts (p. 25)
      3.5 Summary (p. 26)

    4 Cyber Attacks and How Easy They Are (p. 27)
      4.1 SQL Injection (p. 27)
        4.1.1 Hacking GET/Search and POST/Search (p. 28)
        4.1.2 Hacking GET/Select and POST/Select (p. 29)
        4.1.3 Bypassing Login Form (p. 30)
        4.1.4 Experiments with Boolean Blind SQL Injection (p. 31)
      4.2 Denial of Service (p. 31)
      4.3 Summary (p. 33)

