Abstract
The evolution of technology and the increasing connectivity between devices lead to an increased risk of cyberattacks. Good protection systems, such as Intrusion Detection System (IDS) and Intrusion Prevention System (IPS), are essential in trying to prevent, detect and counter most of the attacks. However, the increasing creativity and type of attacks raise the need for more resources and processing power for the protection systems which, in turn, requires horizontal scalability to keep up with the massive companies’ network infrastructure and with the complexity of attacks. Technologies like machine learning, show promising results and can be of added value in the detection and prevention of attacks in real-time. But good algorithms and tools are not enough. They require reliable and solid datasets to be able to effectively train the protection systems. The development of a good dataset requires horizontal-scalable, robust, modular and fault-tolerance systems, so that the analyses may be done also in real-time. This paper describes an architecture for horizontal-scaling capture architecture, able to collect packets from multiple sources and prepared for real-time analysis. It depends on multiple modular nodes with specific roles to support different algorithms and tools.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Cordero, C.G., Hauke, S., Muhlhauser, M., Fischer, M.: Analyzing flow-based anomaly intrusion detection using Replicator Neural Networks. In: 2016 14th Annual Conference on Privacy, Security and Trust, PST 2016, pp. 317–324. Institute of Electrical and Electronics Engineers Inc. (2016). https://doi.org/10.1109/PST.2016.7906980
Swinhoe, D.: The 15 biggest data breaches of the 21st century. CSO Online (2021). https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html
Do, E.H., Gadepally, V.N.: Classifying anomalies for network security. In: Proceedings of the IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), May 2020, vol. 2020, pp. 2907–2911. Institute of Electrical and Electronics Engineers Inc. (May 2020). https://doi.org/10.1109/ICASSP40776.2020.9053419
Emmerich, P., Pudelko, M., Gallenmüller, S., Carle, G.: FlowScope: efficient packet capture and storage in 100 Gbit/s networks. In: 2017 IFIP Networking Conference, IFIP Networking 2017 and Workshops, January 2018, vol. 2018, pp. 1–9. Institute of Electrical and Electronics Engineers Inc. (July 2017). https://doi.org/10.23919/IFIPNetworking.2017.8264852
Evermann, J., Rehse, J.R., Fettke, P.: Process discovery from event stream data in the cloud - a scalable, distributed implementation of the flexible heuristics miner on the Amazon kinesis cloud infrastructure. In: Proceedings of the International Conference on Cloud Computing Technology and Science, CloudCom, pp. 645–652. IEEE Computer Society (July 2016). https://doi.org/10.1109/CloudCom.2016.0111
Guo, Y.T., et al.: DPI & DFI: a malicious behavior detection method combining Deep Packet Inspection and Deep Flow inspection. Procedia Eng. 174, 1309–1314 (2017). https://doi.org/10.1016/j.proeng.2017.01.276
Johnson, R.: 60 percent of small companies close within 6 months of being hacked (2019). https://cybersecurityventures.com/60-percent-of-small-companies-close-within-6-months-of-being-hacked/
Kent, E.: CD Projekt hit by “targeted cyber attack” (2021). https://www.eurogamer.net/articles/2021-02-09-cd-projekt-hit-by-targeted-cyber-attack
Lin, H., Yan, Z., Chen, Y., Zhang, L.: A survey on network security-related data collection technologies. IEEE Access 6, 18345–18365 (2018). https://doi.org/10.1109/ACCESS.2018.2817921
Vailsher, L.S.: Global IoT and non-IoT connections 2010–2025 (2021). https://www.statista.com/statistics/1101442/iot-number-of-connected-devices-worldwide/
Longo, E., Redondi, A.E., Cesana, M.: Accurate occupancy estimation with WiFi and Bluetooth/BLE packet capture. Comput. Netw. 163, 106876 (2019). https://doi.org/10.1016/j.comnet.2019.106876
Lotfollahi, M., Jafari Siavoshani, M., Shirali Hossein Zade, R., Saberian, M.: Deep packet: a novel approach for encrypted traffic classification using deep learning. Soft. Comput. 24(3), 1999–2012 (2019). https://doi.org/10.1007/s00500-019-04030-2
Lysenko, S., Bobrovnikova, K., Shchuka, R., Savenko, O.: A cyberattacks detection technique based on evolutionary algorithms. In: 2020 IEEE 11th International Conference on Dependable Systems, Services and Technologies (DESSERT), pp. 127–132 (2020). https://doi.org/10.1109/DESSERT50317.2020.9125016
Mousavi, S.H., Khansari, M., Rahmani, R.: A fully scalable big data framework for Botnet detection based on network traffic analysis. Inf. Sci. 512, 629–640 (2020). https://doi.org/10.1016/j.ins.2019.10.018
Pudukotai Dinakarrao, S.M., Sayadi, H., Makrani, H.M., Nowzari, C., Rafatirad, S., Homayoun, H.: Lightweight node-level malware detection and network-level malware confinement in IoT networks. In: Proceedings of the 2019 Design, Automation and Test in Europe Conference and Exhibition, DATE 2019, pp. 776–781. Institute of Electrical and Electronics Engineers Inc. (May 2019). https://doi.org/10.23919/DATE.2019.8715057
Roquero, P., Magaña, E., Leira, R., Aracil, J.: Performance evaluation of client-based traffic sniffing for very large populations. Comput. Netw. 166, 106985 (2020). https://doi.org/10.1016/j.comnet.2019.106985
Saini, P.S., Behal, S., Bhatia, S.: Detection of DDoS attacks using machine learning algorithms. In: Proceedings of the 7th International Conference on Computing for Sustainable Global Development, INDIACom 2020, pp. 16–21. Institute of Electrical and Electronics Engineers Inc. (March 2020). https://doi.org/10.23919/INDIACom49435.2020.9083716
Sobers, R.: Data breach response times: trends and tips (2020). https://www.varonis.com/blog/data-breach-response-times/
Jonathan, S., Jim, F.: Yahoo says all three billion accounts hacked in 2013 data theft. Reuters (2017). https://www.reuters.com/article/us-yahoo-cyber/yahoo-says-all-three-billion-accounts-hacked-in-2013-data-theft-idUSKCN1C82O1
Worldometer: World Population Projections - Worldometer (2021). https://www.worldometers.info/world-population/world-population-projections/
Acknowledgments
This work was partially supported by the Norte Portugal Regional Operational Programme(NORTE 2020), under the PORTUGAL 2020 Partnership Agreement, through the European Regional Development Fund (ERDF), within project “CybersSeCIP” (NORTE-01-0145-FEDER-000044).
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Oliveira, R., Almeida, J.P., Praça, I., Lopes, R.P., Pedrosa, T. (2021). A Scalable, Real-Time Packet Capturing Solution. In: Pereira, A.I., et al. Optimization, Learning Algorithms and Applications. OL2A 2021. Communications in Computer and Information Science, vol 1488. Springer, Cham. https://doi.org/10.1007/978-3-030-91885-9_46
Download citation
DOI: https://doi.org/10.1007/978-3-030-91885-9_46
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-91884-2
Online ISBN: 978-3-030-91885-9
eBook Packages: Computer ScienceComputer Science (R0)