
Practical Tools for Attackers and Defenders

Chapter in: Network Traffic Anomaly Detection and Prevention

Abstract

A tool is usually developed for a specific purpose with respect to a specific task. For example, nmap is a security scanner used to discover live hosts and the open network services they expose. Network security tools give both attackers and defenders a way to identify vulnerabilities and open services: attackers deliberately look for loopholes and open services, and gather the related information they need to launch a successful attack, while defenders use the same information to close those services and vulnerabilities before they are exploited. This chapter is composed of three major parts, discussing practical tools for both network attackers and defenders. In the first part, we discuss tools an attacker may use to launch an attack in a real-time environment. In the second part, we cover tools that network defenders use to protect enterprise networks by reducing the precursors of attacks, such as reachable services and unpatched vulnerabilities. In the last part, we describe an approach to developing a real-time network traffic monitoring and analysis tool. We include code for launching attacks, sniffing traffic, and visualizing the captured traffic so that attacks can be distinguished from normal activity. The developed tool detects attacks and mitigates them in real time within a short time interval.
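The abstract describes a defender-side tool that sniffs traffic and flags attacks such as scans and floods within a short time interval. The following added example, written for this page and not taken from the chapter or its tool, shows the core of such a detector: two sliding-window heuristics run over constructed packet summaries, one for an nmap-style port scan (one source touching many distinct ports quickly) and one for a TCP SYN flood (SYNs toward one destination that never complete the handshake). The packet tuples, addresses, and thresholds are assumptions for illustration; a real tool would feed the same `feed()` method from a live capture library.

```python
"""Sliding-window detection of port scans and SYN floods over packet
summaries. Added example; not the chapter's tool. Packet summaries are
(t, src, dst, dport, flags) with flags "S" (SYN) or "A" (ACK)."""
from collections import defaultdict, deque

# Illustrative thresholds (assumptions, not values from the chapter).
SCAN_PORTS = 20       # distinct destination ports from one source ...
SCAN_WINDOW = 5.0     # ... within this many seconds
FLOOD_SYNS = 100      # half-open SYNs toward one destination ...
FLOOD_WINDOW = 1.0    # ... within this many seconds


class Detector:
    """Keeps per-source and per-destination sliding windows and records
    an alert the first time a window crosses its threshold."""

    def __init__(self):
        self.ports_by_src = defaultdict(deque)   # src -> (t, dport)
        self.half_open = defaultdict(deque)      # dst -> (t, src)
        self.alerts = []

    @staticmethod
    def _expire(dq, now, window):
        # Drop entries older than the window; entries are time-ordered.
        while dq and now - dq[0][0] > window:
            dq.popleft()

    def feed(self, t, src, dst, dport, flags):
        # 1. Port scan: many distinct ports from one source in a short window.
        dq = self.ports_by_src[src]
        dq.append((t, dport))
        self._expire(dq, t, SCAN_WINDOW)
        if len({p for _, p in dq}) >= SCAN_PORTS:
            self.alerts.append(("portscan", src))
            dq.clear()                      # reset so one scan fires once

        # 2. SYN flood: SYNs to one destination that never finish the handshake.
        ho = self.half_open[dst]
        if flags == "S":
            ho.append((t, src))
            self._expire(ho, t, FLOOD_WINDOW)
            if len(ho) >= FLOOD_SYNS:
                self.alerts.append(("synflood", dst))
                ho.clear()
        elif flags == "A":
            # Final ACK from src: its oldest half-open entry is now complete.
            for i, (_, s) in enumerate(ho):
                if s == src:
                    del ho[i]
                    break
        return self.alerts


def constructed_traffic():
    """Constructed sample traffic: benign handshakes, a vertical scan,
    and a spoofed SYN flood (all addresses are made up)."""
    pkts = []
    for i, client in enumerate(["10.0.0.11", "10.0.0.12", "10.0.0.13"]):
        pkts.append((0.1 * i, client, "10.0.0.1", 443, "S"))
        pkts.append((0.1 * i + 0.05, client, "10.0.0.1", 443, "A"))
    for port in range(1, 31):                       # 30 ports in ~2 s
        pkts.append((10.0 + port * 0.06, "10.0.0.5", "10.0.0.1", port, "S"))
    for n in range(150):                            # 150 SYNs in ~0.5 s
        pkts.append((20.0 + n * 0.003, f"198.51.100.{n % 250}",
                     "10.0.0.2", 80, "S"))
    return sorted(pkts)


def run_demo():
    """Replays the constructed traffic and returns the alerts raised."""
    det = Detector()
    for pkt in constructed_traffic():
        det.feed(*pkt)
    return det.alerts


if __name__ == "__main__":
    for kind, addr in run_demo():
        print(f"ALERT {kind} {addr}")
```

The two windows are independent so a scan from one source and a flood against one destination are reported separately; clearing a window after an alert keeps a sustained attack from producing one alert per packet. Completed handshakes are removed from the half-open window, so legitimate bursts of connections do not count toward the flood threshold.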




Copyright information

© 2017 Springer International Publishing AG

About this chapter

Cite this chapter

Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K. (2017). Practical Tools for Attackers and Defenders. In: Network Traffic Anomaly Detection and Prevention. Computer Communications and Networks. Springer, Cham. https://doi.org/10.1007/978-3-319-65188-0_6

  • DOI: https://doi.org/10.1007/978-3-319-65188-0_6
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-65186-6
  • Online ISBN: 978-3-319-65188-0