Title: Data reduction by identification and correlation of TCP/IP attack attributes for network forensics
Authors: Pilli E.S.; Joshi R.C.; Niyogi R.
Published in: Proceedings of International Conference and Workshop on Emerging Trends in Technology 2011, ICWET 2011
Abstract: Network forensics is an alternate approach to security, which monitors network traffic, stores the traces, detects anomalies, identifies the nature of an attack, and investigates its source. The challenge is to store, handle and analyze large volumes of network traffic. Attackers exploit vulnerabilities in the TCP/IP protocol suite and manipulate various protocol attributes to launch attacks. In this paper, the attacks on the TCP/IP protocol suite at the transport and network layers are studied and the significant network features being misused are identified. The key fields of the protocols are correlated with the attacks and extracted from the packet capture files. These values are stored in a database, and statistical information for determining various attack thresholds is derived from them. This information helps in identifying suspicious addresses and marking evidence packets for forensic analysis. These packets comprise the most probable evidence and are written to a new packet capture file. The reduced size of this preprocessed data enables efficient storage, effective processing and time-bound investigation. Copyright © 2011 ACM.
Citation: Proceedings of International Conference and Workshop on Emerging Trends in Technology 2011, ICWET 2011, (2011), 276-283. Mumbai
URI: https://doi.org/10.1145/1980022.1980085
http://repository.iitr.ac.in/handle/123456789/15739
Issue Date: 2011
Keywords: ICMP; IP; Network forensics; TCP; Traffic analysis; UDP
ISBN: 9781450304498
Author Scopus IDs: 35756126100; 7202084587; 35100732400
Author Affiliations: Pilli, E.S., Department of Electronics and Computer Engineering, Indian Institute of Technology, Roorkee, India
Joshi, R.C., Department of Electronics and Computer Engineering, Indian Institute of Technology, Roorkee, India
Niyogi, R., Department of Electronics and Computer Engineering, Indian Institute of Technology, Roorkee, India
Corresponding Author: Pilli, E. S.; Department of Electronics and Computer Engineering, Indian Institute of Technology, Roorkee, India; email: emshudec@iitr.ernet.in
Appears in Collections: Conference Publications [CS]
