An Open Source Threat Detection Engine with Visualization Framework to Uncover Threats from Offline PCAP Files
Campus networks remain vulnerable to attacks as technology advances and the use of computer networks expands. Intrusion detection, as part of network security monitoring, involves reviewing and examining large volumes of network traffic data. Many techniques have therefore been devised to detect and prevent such attacks, but it is very difficult to analyse network attacks from small packet captures, so analysis of full packet captures is more valuable for studying the occurrence and type of attacks. The aim of this study is to overcome this issue: a framework is proposed to capture and read big pcap files collected from campus networks. Pcap files captured at different intervals are processed for offline packet analysis, which helps detect and analyse various types of attacks together with their signatures, counts, etc. The results obtained from the proposed threat detection engine show that it can capture and identify a large number of attack types in offline mode, uncovering threats while reading big pcap files (gigabits in size) thanks to its multithreading and hardware acceleration capabilities.
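The offline pipeline the abstract describes (read a pcap file, decode each packet, match it against signatures, report per-signature counts) in its simplest form, as an added example that is not the paper's engine: the pcap builder, the three-packet capture and the two signatures are all constructed here for illustration.

```python
import struct
from collections import Counter

def build_pcap(frames):
    """Constructed sample: classic little-endian libpcap global header (linktype 1 = Ethernet) + records."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

def tcp_frame(src, dst, sport, dport, flags, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame; checksums are left zero because the parser ignores them."""
    ip4 = lambda a: bytes(int(o) for o in a.split("."))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, ip4(src), ip4(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def read_pcap(data):
    """Yield each captured frame from an in-memory pcap; the magic number fixes the byte order."""
    end = "<" if struct.unpack_from("<I", data, 0)[0] == 0xA1B2C3D4 else ">"
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(data):  # 16-byte record header: ts_sec, ts_usec, incl_len, orig_len
        incl_len = struct.unpack_from(end + "IIII", data, off)[2]
        off += 16
        yield data[off:off + incl_len]
        off += incl_len

def decode(frame):
    """Return src/dst/ports/flags/payload for IPv4-over-Ethernet TCP frames, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    tcp = frame[14 + (frame[14] & 0x0F) * 4:]  # honour the IPv4 header length (IHL)
    sport, dport = struct.unpack_from("!HH", tcp, 0)
    return {"src": ".".join(map(str, frame[26:30])), "dst": ".".join(map(str, frame[30:34])),
            "sport": sport, "dport": dport, "flags": tcp[13], "payload": tcp[(tcp[12] >> 4) * 4:]}

SIGNATURES = {  # illustrative signatures constructed here (not the paper's rule set): name -> predicate
    "telnet-syn-probe": lambda p: p["dport"] == 23 and p["flags"] == 0x02,
    "http-path-traversal": lambda p: p["dport"] == 80 and b"../" in p["payload"],
}

def detect(pcap_bytes, signatures=SIGNATURES):
    """One offline pass over the capture, counting packets that match each signature."""
    counts = Counter()
    for pkt in filter(None, map(decode, read_pcap(pcap_bytes))):
        counts.update(name for name, rule in signatures.items() if rule(pkt))
    return counts

SAMPLE = build_pcap([  # constructed three-packet capture
    tcp_frame("10.0.0.5", "10.0.0.9", 40000, 23, 0x02),
    tcp_frame("10.0.0.5", "10.0.0.9", 40001, 80, 0x18, b"GET /../../etc/passwd HTTP/1.0\r\n"),
    tcp_frame("10.0.0.9", "10.0.0.5", 443, 40002, 0x10),
])
```

For a real capture, replace `SAMPLE` with the bytes of a pcap file read from disk; the per-signature counts are what a visualization layer would chart.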
Keywords
Network Attacks, IDS/IPS, PCAPs, Visualization, Threat Detection Engine.