Practical Tools for Attackers and Defenders

  • Monowar H. Bhuyan
  • Dhruba K. Bhattacharyya
  • Jugal K. Kalita
Part of the Computer Communications and Networks book series (CCN)


A tool is usually developed for a specific purpose with respect to a specific task. For example, nmap is a security scanning tool to discover open host or network services. Network security tools provide methods to network attackers as well as network defenders to identify vulnerabilities and open network services. This chapter is composed of three major parts, discussing practical tools for both network attackers and defenders. In the first part, we discuss tools an attacker may use to launch an attack in real-time environment. In the second part, tools for network defenders to protect enterprise networks are covered. Such tools are used by network defenders to minimize occurrences of precursors of attacks. In the last part, we discuss an approach to develop a real-time network traffic monitoring and analysis tool. We include code for launching of attack, sniffing of traffic, and visualization them to distinguish attacks. The developed tool can detect attacks and mitigate the same in real time within a short time interval. Network attackers intentionally try to identify loopholes and open services and also gain related information for launching a successful attack.


  1. 1.
    Aydın, M., Zaim, A., Ceylan, K.: A hybrid intrusion detection system design for computer network security. Comput. Electr. Eng. 35(3), 517–526 (2009)CrossRefzbMATHGoogle Scholar
  2. 2.
    Beverly, R.: A robust classifier for passive TCP/IP fingerprinting. In: Passive and Active Network Measurement, Antibes Juan-les-Pins, pp. 158–167 (2004)Google Scholar
  3. 3.
    Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K.: NADO: network anomaly detection using outlier approach. In: Proceedings of the International Conference on Communication, Computing & Security, Odisha, pp. 531–536. ACM (2011)Google Scholar
  4. 4.
    Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K.: Survey on incremental approaches for network anomaly detection. Int. J. Commun. Netw. Inf. Secur. 3(3), 226–239 (2011)Google Scholar
  5. 5.
    Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K.: Network anomaly detection: methods, systems and tools. IEEE Commun. Surv. Tutorials 16(1), 303–336 (2014). doi:10.1109/SURV.2013.052213.00046 CrossRefGoogle Scholar
  6. 6.
    CAIDA: The cooperative analysis for Internet data analysis (2011). Google Scholar
  7. 7.
    Chen, W.H., Hsu, S.H., Shen, H.P.: Application of SVM and ANN for intrusion detection. Comput. Oper. Res. 32(10), 2617–2634 (2005)CrossRefzbMATHGoogle Scholar
  8. 8.
    Danielle, L.: Introduction to Dsniff. In: Global Information Assurance Certification Paper. SANS Institute (2002)Google Scholar
  9. 9.
    Debar, H., Dacier, M., Wespi, A.: Towards a taxonomy of intrusion-detection systems. Comput. Netw. 31(9), 805–822 (1999)CrossRefGoogle Scholar
  10. 10.
    Garber, L.: Denial-of-service attacks RIP the Internet. Computer 33(4), 12–17 (2000). doi:10.1109/MC.2000.839316 CrossRefGoogle Scholar
  11. 11.
    Girardin, L.: An eye on network intruder-administrator shootouts. In: Proceedings of the 1st Conference on Workshop on Intrusion Detection and Network Monitoring, ID’99, vol. 1, pp. 3–3. USENIX Association, Berkeley (1999)Google Scholar
  12. 12.
    Inselberg, A., Dimsdale, B.: Parallel coordinates: a tool for visualizing multi-dimensional geometry. In: Proceedings of the 1st Conference on Visualization ’90, VIS 90, pp. 361–378. IEEE Computer Society Press, Los Alamitos (1990).
  13. 13.
    Jemili, F., Zaghdoud, M., Ben Ahmed, M.: A framework for an adaptive intrusion detection system using Bayesian network. In: Proceedings of the IEEE Intelligence and Security Informatics, pp. 66–70 (2007)Google Scholar
  14. 14.
    jNetPcap: jNetPcap – what is it?.
  15. 15.
    Kallitsis, M.G., Stoev, S., Bhattacharya, S., Michailidis, G.: AMON: an open source architecture for online monitoring, statistical analysis and forensics of multi-gigabit streams. CoRR abs/1509.00268 (2015)Google Scholar
  16. 16.
    Li, X., Bian, F., Crovella, M., Diot, C., Govindan, R., Iannaccone, G., Lakhina, A.: Detection and identification of network anomalies using sketch subspaces. In: Proceedings of the 6th ACM SIGCOMM Conference on Internet Measurement, IMC ’06, pp. 147–152. ACM, New York (2006)Google Scholar
  17. 17.
    Lippmann, R.P., Cunningham, R.K.: Improving intrusion detection performance using keyword selection and neural networks. Comput. Netw. 34(4), 597–603 (2000)CrossRefGoogle Scholar
  18. 18.
    MIT Lincoln Laboratory Datasets: MIT LLS_DDOS_0.2.2 (2000).
  19. 19.
    Moore, D., Shannon, C., Brown, D.J., Voelker, G.M., Savage, S.: Inferring Internet Denial-of-service activity. ACM Trans. Comput. Syst. 24(2), 115–139 (2006). doi:10.1145/1132026.1132027 CrossRefGoogle Scholar
  20. 20.
    Norton, D.: An Ettercap Primer. In: SANS Institute InfoSec Reading Room (2004)Google Scholar
  21. 21.
    Ranjan, S., Swaminathan, R., Uysal, M., Knightly, E.: DDoS-resilient scheduling to counter application layer attacks under imperfect detection. In: Proceedings of the 25th IEEE International Conference on Computer Communications, pp. 1–13 (2006)Google Scholar
  22. 22.
    Rnmap: Rnmap – remote nmap.
  23. 23.
    Schiffman, M.D.: Libnet 101, Part 1: the primer. In: Guardent Security Digital Infrastructure, pp. 1–10 (2000)Google Scholar
  24. 24.
    Shah, S.: An Introduction to HTTP Fingerprinting. Net-Square Solutions (2004)Google Scholar
  25. 25.
    Singh, S., Estan, C., Varghese, G., Savage, S.: Automated worm fingerprinting. In: Proceedings of the 6th Conference on Symposium on Operating Systems Design & Implementation, vol. 6, pp. 4–4. USENIX Association, Berkeley (2004)Google Scholar
  26. 26.
    Whalen, Kevin: DDoS Attacks: Beware Headline Risk.
  27. 27.
    Xie, Y., Yu, S.Z.: Monitoring the application-layer DDoS attacks for popular websites. IEEE/ACM Trans. Netw. 17(1), 15–25 (2009)CrossRefGoogle Scholar
  28. 28.
    Yarochkin, F.: Remote OS detection via TCP/IP stack fingerprinting. Phrack Mag. 17(3) (1998)Google Scholar
  29. 29.
    Ye, N., Ehiabor, T., Zhang, Y.: First-order versus high-order stochastic models for computer intrusion detection. Qual. Reliab. Eng. Int. 18(3), 243–250 (2002)CrossRefGoogle Scholar
  30. 30.
    Yeung, K.H., Fung, D., Wong, K.Y.: Tools for attacking layer 2 network infrastructure. In: Proceedings of the International MultiConference of Engineers and Computer Scientists, Hong Kong, vol. 2, pp. 1–6 (2008)Google Scholar
  31. 31.
    Yin, X., Yurcik, W., Treaster, M., Li, Y., Lakkaraju, K.: VisFlowConnect: netflow visualizations of link relationships for security situational awareness. In: Workshop on Visualization and Data Mining for Computer Security (VizSEC/DMSEC 2004), Washington DC, 29 Oct 2004, pp. 26–34 (2004). doi:10.1145/1029208.1029214
  32. 32.
    Yu, J., Li, Z., Chen, H., Chen, X.: A detection and offense mechanism to defend against application layer DDoS attacks. In: Proceedings of the 3rd International Conference on Networking and Services, pp. 54–54. IEEE (2007)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Monowar H. Bhuyan
    • 1
  • Dhruba K. Bhattacharyya
    • 2
  • Jugal K. Kalita
    • 3
  1. 1.Kaziranga UniversityJorhatIndia
  2. 2.Tezpur UniversityNapaamIndia
  3. 3.University of ColoradoColorado SpringsUSA

Personalised recommendations