Research Article

Network Forensic System for ICMP Attacks

by Atul Kant Kaushik, R. C. Joshi
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 2 - Number 3
Year of Publication: 2010
Authors: Atul Kant Kaushik, R. C. Joshi
10.5120/649-906

Atul Kant Kaushik, R. C. Joshi. Network Forensic System for ICMP Attacks. International Journal of Computer Applications. 2, 3 (May 2010), 14-21. DOI=10.5120/649-906

@article{ 10.5120/649-906,
author = { Atul Kant Kaushik, R. C. Joshi },
title = { Network Forensic System for ICMP Attacks },
journal = { International Journal of Computer Applications },
issue_date = { May 2010 },
volume = { 2 },
number = { 3 },
month = { May },
year = { 2010 },
issn = { 0975-8887 },
pages = { 14-21 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume2/number3/649-906/ },
doi = { 10.5120/649-906 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%A Atul Kant Kaushik
%A R. C. Joshi
%T Network Forensic System for ICMP Attacks
%J International Journal of Computer Applications
%@ 0975-8887
%V 2
%N 3
%P 14-21
%D 2010
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Network forensics is the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents. This paper addresses the major challenges in the collection, examination and analysis processes. We propose a model for collecting network data, identifying suspicious packets, examining the protocol features that were misused, and validating the attack. The model has been built with specific reference to security attacks on the ICMP protocol. The packet capture file is analyzed for significant ICMP protocol features in order to mark suspicious packets. The header information encapsulated in the packet capture file is ported to a database. Rule sets designed for various ICMP attacks are queried on the database to calculate various statistical thresholds. This information validates the presence of attacks and will be very useful for the investigation phase. The reduced packet capture size is easy to manage, as only the marked packets are considered. The protocol features usually manipulated by attackers are available in database format for the next stage of analysis and investigation. The model has been tested with a sample attack dataset and the results are satisfactory. The model can be extended to include attacks on other protocols.
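As an added illustration of the pipeline the abstract describes (example code, not the paper's own implementation or dataset), the Python below walks a libpcap file, keeps only the ICMP header fields, loads that reduced set into SQLite, and runs two rule queries over it; the sample traffic, the two rules and their thresholds are constructed here and are not the paper's values.

```python
import sqlite3
import struct

def build_frame(src, dst, icmp_type, payload):
    """Ethernet/IPv4/ICMP frame with checksums left at zero (constructed test input)."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + icmp

def build_pcap(frames):
    """libpcap file: global header (magic, v2.4, linktype 1 = Ethernet), then one record per frame."""
    data = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):
        data += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return data

# Constructed traffic: three echo requests from 10.0.0.5, one normal and one
# oversized echo request from 10.0.0.9, and one unrelated echo reply.
SAMPLE_PCAP = build_pcap(
    [build_frame("10.0.0.5", "10.0.0.1", 8, b"A" * 32)] * 3
    + [build_frame("10.0.0.9", "10.0.0.1", 8, b"A" * 32),
       build_frame("10.0.0.9", "10.0.0.1", 8, b"A" * 1400),
       build_frame("10.0.0.1", "10.0.0.5", 0, b"A" * 32)])

def icmp_headers_from_pcap(data):
    """Walk the pcap records and keep (ts, src, dst, icmp_type, ip_total_len) for ICMP packets only."""
    endian = "<" if struct.unpack("<I", data[:4])[0] == 0xA1B2C3D4 else ">"
    off, rows = 24, []
    while off + 16 <= len(data):
        ts, _, incl, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if frame[12:14] != b"\x08\x00" or frame[23] != 1:  # IPv4 carrying ICMP only
            continue
        ihl = (frame[14] & 0x0F) * 4
        src, dst = ".".join(map(str, frame[26:30])), ".".join(map(str, frame[30:34]))
        rows.append((ts, src, dst, frame[14 + ihl], struct.unpack("!H", frame[16:18])[0]))
    return rows

def run_rules(rows, flood_threshold=3, max_ip_len=1000):
    """Rule 1: echo-request (type 8) flood per source; rule 2: oversized ICMP datagram. Thresholds illustrative."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE icmp (ts INTEGER, src TEXT, dst TEXT, type INTEGER, ip_len INTEGER)")
    db.executemany("INSERT INTO icmp VALUES (?, ?, ?, ?, ?)", rows)
    flood = db.execute("SELECT src FROM icmp WHERE type = 8 GROUP BY src HAVING COUNT(*) >= ?",
                       (flood_threshold,)).fetchall()
    big = db.execute("SELECT DISTINCT src FROM icmp WHERE ip_len > ?", (max_ip_len,)).fetchall()
    return {"echo_flood": [r[0] for r in flood], "oversized": [r[0] for r in big]}
```

On a real capture, `icmp_headers_from_pcap(open(path, "rb").read())` replaces the constructed `SAMPLE_PCAP`; the marked rows are the reduced dataset the abstract refers to, and the thresholds are what an analyst would tune per environment.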

Index Terms

Computer Science
Information Sciences

Keywords

Network forensics, pcap, ICMP, Investigation