Open Access Open Access  Restricted Access Subscription Access
Open Access Open Access Open Access  Restricted Access Restricted Access Subscription Access

An Open Source Threat Detection Engine with Visualization Framework to Uncover Threats from Offline PCAP Files


Affiliations
1 Computer Science and IT from Department of Computer science and IT, University of Jammu, India
2 Computer Science and Engineering Department of Thapar Institute of Engineering & Technology, Patiala, India
3 Department of Computer Science & IT, & University of Jammu, India
     

   Subscribe/Renew Journal


Campus networks are always vulnerable to attacks with the use of technology and vast expansion in the usage of computer networks. Intrusion detection as part of network security and monitoring involves reviewing and examining of large network traffic data. Therefore, many techniques have been devised in detecting and preventing such attacks, but it’s very difficult to analysis the network attacks in small captured packets. Therefore, analysis of full captured packets is more valuable to study the occurrence and type of attacks. The aim of the study is to prevail over this issue, therefore, a framework is proposed to capture, read big pcap files captured from the campus networks. These captured pcap files at different interval of times are processed for offline packet analysis that help us to detect and analyze various types of attacks, with signatures and counts etc. The result so obtained from the proposed threat detection engine explains that it has the ability to capture and identify enormous types of attacks in offline mode to uncover the threats with the ability to read big pcap files in Giga bits due to its multithreading and hardware acceleration capabilities.

Keywords

Network Attacks, IDS/ IPS, PCAPs, Visualization, Threat Detection Engine.
Subscription Login to verify subscription
User
Notifications
Font Size


Abstract Views: 305

PDF Views: 0




  • An Open Source Threat Detection Engine with Visualization Framework to Uncover Threats from Offline PCAP Files

Abstract Views: 305  |  PDF Views: 0

Authors

Amit Mahajan
Computer Science and IT from Department of Computer science and IT, University of Jammu, India
Maninder Singh
Computer Science and Engineering Department of Thapar Institute of Engineering & Technology, Patiala, India
Vibhakar Mansotra
Department of Computer Science & IT, & University of Jammu, India

Abstract


Campus networks are always vulnerable to attacks with the use of technology and vast expansion in the usage of computer networks. Intrusion detection as part of network security and monitoring involves reviewing and examining of large network traffic data. Therefore, many techniques have been devised in detecting and preventing such attacks, but it’s very difficult to analysis the network attacks in small captured packets. Therefore, analysis of full captured packets is more valuable to study the occurrence and type of attacks. The aim of the study is to prevail over this issue, therefore, a framework is proposed to capture, read big pcap files captured from the campus networks. These captured pcap files at different interval of times are processed for offline packet analysis that help us to detect and analyze various types of attacks, with signatures and counts etc. The result so obtained from the proposed threat detection engine explains that it has the ability to capture and identify enormous types of attacks in offline mode to uncover the threats with the ability to read big pcap files in Giga bits due to its multithreading and hardware acceleration capabilities.

Keywords


Network Attacks, IDS/ IPS, PCAPs, Visualization, Threat Detection Engine.