Abstract
A tool is usually developed for a specific purpose with respect to a specific task. For example, nmap is a security scanning tool used to discover open hosts or network services. Network security tools give both network attackers and network defenders methods to identify vulnerabilities and open network services. This chapter is composed of three major parts, discussing practical tools for both network attackers and defenders. In the first part, we discuss tools an attacker may use to launch an attack in a real-time environment. In the second part, tools that network defenders use to protect enterprise networks are covered; defenders use such tools to minimize the occurrence of attack precursors. In the last part, we discuss an approach to developing a real-time network traffic monitoring and analysis tool. We include code for launching attacks, sniffing traffic, and visualizing the traffic so that attacks can be distinguished. The developed tool can detect attacks and mitigate them in real time within a short time interval. Network attackers intentionally try to identify loopholes and open services, and to gather related information, in order to launch a successful attack.
© 2017 Springer International Publishing AG
Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K. (2017). Practical Tools for Attackers and Defenders. In: Network Traffic Anomaly Detection and Prevention. Computer Communications and Networks. Springer, Cham. https://doi.org/10.1007/978-3-319-65188-0_6
DOI: https://doi.org/10.1007/978-3-319-65188-0_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-65186-6
Online ISBN: 978-3-319-65188-0
eBook Packages: Computer Science (R0)