Network Packet Analysis Through Visualization Systems
P. Mahesh Babu, Gudlavalleru Engineering College, Gudlavalleru.
Sri K. Srinivas, Associate Professor, CSE Department, Gudlavalleru Engineering College, Gudlavalleru.
Abstract
Network security is a major concern in the realm of computer science. Although great efforts have been spent on security problems, networks still suffer from numerous attacks, which might lead to huge damage and loss. Visualization systems for intrusion detection have become more widespread with time, yet the shortage of an organizing framework for the correct creation of this technology is problematic. Log files are the main sources for security analysis. However, log files are not created to be easy to use, and it is laborious work to find helpful information in logs. Visualization systems designed for security purposes provide more perceptive and effective ways for security analysis. Most security visualization systems are based upon data from log files. With the multiplication of attacks against computer networks, system administrators are required to monitor carefully the traffic exchanged by the networks they manage. However, that monitoring task is increasingly laborious because of the growth of the amount of data to analyze, and that trend is going to intensify with the explosion of the number of devices connected to computer networks along with the global rise of the available network bandwidth [1]. Visualization mechanisms utilize the parallel processing power of the human visual system to allow for the identification of possible network activity. This research details the development and use of a visualization system for network security. All of the activity generated by an attacker leaves traces, which can be seen by inspecting network traffic. Log files are created in response to both malicious and innocuous activity, depending on the logging level. These logs and traces are what network security professionals have to work with in order to detect, defend against, and prevent security breaches.
The first proposed system focuses on increasing the utility of intrusion detection systems by providing information-rich displays of network alerts. The second system provides new methods of visualizing network packets that enable the analyst to efficiently and effectively explore network traffic for malicious activity.
Keywords: Network, Port Visualize, TCP Packets, UDP.
I. INTRODUCTION
The World Wide Web has changed our everyday lives. We have grown used to having everything online, whether it be news or publications, map services, timetables, translation services, social interaction, personal communication, forums, encyclopedias, entertainment, reservation services, banking, shopping, or possibly a calendar. We are also beginning to want the same services offered to us wherever we go and whatever the time, using the network devices of our choice. Because the Internet has such a profound effect on our lives, developers should understand how it works and how the services above are created and made mobile. To understand the way the Internet works, the developer has to know about the lower-level services that enable the Internet and everything built on top of it. The services enabling the Internet are offered in the form of data communications protocols, so understanding them is the key. However, conducting a forensic examination of an anomalous event can be remarkably difficult. It is difficult to recognize relevant events because their number is in most cases incredibly small compared to the full number of events on the network. Although there are many research projects for classification of network traffic, these solutions are faulty and cannot perform as well as a human expert. For example, a recent system for network traffic classification achieved up to 90% coverage with 95% accuracy. The problem is that automated systems still generate a great many false positives, which must be inspected by hand. Moreover, these systems are likely to only screen out single events; the extraction of relevant sequences remains a research problem. Since automatic systems cannot extract these patterns effectively, we developed visualization systems that may augment the pattern-recognition abilities of an analyst engaged in the iterative process of forensic analysis. Some use parallel plots in which a vertical axis represents the entire IP address space from 0.0.0.0 to 255.255.255.255, where lines between them show connections. VisFlowConnect is different, in that it uses parallel plots to show the connections between the inside network and the outside network [46]. Lines that show links fade over time, while line width shows traffic volume.
Filtering can be done for protocol, port, IP address and traffic threshold. Possible signs of attack were seen by asymmetry in the plot, e.g. connections where an inside host connects to many outside subnets. Also, unusually large amounts of traffic going back and forth are a possible indicator of malicious activity. Rumint [3] also uses parallel plots to show connections. It also gives users the option of mapping axes to other parameters, like port number.
International Journal of Computer Trends and Technology (IJCTT) volume 5 number 2 Nov 2013 ISSN: 2231-2803 http://www.ijcttjournal.org Page 96
II. LITERATURE SURVEY
Rao and Card describe Table Lens (Figure 2.1), which makes it possible for users to interactively explore large tables [48]. A user-chosen distortion maps a few of the rows and columns to a graphical representation, which enables more rows and columns to be displayed than is possible with a text table. Siirtola describes an implementation of interactive reordering which directly converted Bertin's example to a computer [5]. The pilot study showed that novice users were able to discover some correlations within the data using the tool. Kincaid [2] explains VistaClara, a system to look into correlations in microarray data by rearranging rows and columns. VistaClara comes with an extension to sort rows and columns by diverse similarity metrics. The primary difference between Isis and these systems is that Isis supports an iterative investigation process.
NVisionIP parses flow information from NetFlow. From the flow statistics gathered, NVisionIP implements three views which help to give an overall view of the network. In the galaxy view, an entire class B IP space is shown via a 256x256 grid matrix, where each point represents a unique class B IP address. Each point's color represents how many times that IP address was a source or destination of a flow. Further detail is seen in the small multiple view, which shows a subset of the IP addresses and histograms of flow port count for each IP. Choosing one IP address to focus on gives the machine view, where for that address a user sees the flow port count for well-known and dynamic ports. More recent work, as in [3], uses 3D axes to show time, port numbers and number of bytes or packets. The port axis is not fixed; it is dynamically allocated according to activity. To avoid possible occlusion of port labels on the axis, the ports represented are limited to those that have a certain amount of activity. If a port scan occurs, such as a large-scale scan.
Several tools have been developed to visualize and process Snort IDS [4] alarm log files. One is SnortView [5], where a matrix view is used to show IP address connections over time. Color is used to highlight user-selected communication paths, and color is also used to encode the alarm severity (high, medium and low priority). Glyphs are used to encode network protocol type. Detailed information for the currently selected alarm is given at the bottom of the display.
Host/Server Monitoring
In this class of visualization, the main display is devoted to the representation of hosts and servers [2]. The intent is to display the current state of a network by visualizing the number of users, system load, status, and unusual or unexpected host or server activities. Portall digs deeper into the monitored hosts and correlates TCP connections with the host processes that generate them, allowing an end-to-end visualization of communications between distributed processes. As displayed in Fig, the main display consists of two parallel axes, with the left side representing clients and the right side representing servers and their respective processes. A line is drawn from a client to a server to depict a TCP connection.
Internal/External Monitoring
Visualizations of this class are concerned with the interaction of internal hosts with respect to external IPs.
Port numbers are aggregated into multiple groups based on the services provided in the network. Well-known ports (<1,024) are assigned to major services on a system, making them more vulnerable to attacks. For this reason, they are placed into bins of 100s; registered ports (<50,000) are placed into bins of 10,000s, and the remaining private/dynamic ports (50,000-65,535) are placed into a single bin [3].
Attack Patterns
Visualizations of this class aid an administrator in not only the detection of attacks but also the display of multistep attacks [2].
Drawbacks in Existing System
Privacy issues: disclosing network topologies and security mechanisms.
Probe response attacks: triggering rare rules in signature-based intrusion detection systems (IDSs), employing rare port combinations, etc., that can be later recovered.
Fingerprinting: searching through patterns in the data to identify hosts or devices.
Data accuracy: due to the vast amount of data and collaborative analysis, precision and accuracy are scrutinized.
Usability issues: security conflicts with usability in the aspect of obfuscating the IP addresses that appear in alerts.
Blending attacks: submission of fake records in the hope that it produces a recognized pattern in released data sets [2].
III. PROPOSED SYSTEM
1. Monitoring: monitoring attack alerts and identifying potential attacks.
2. Analysis: analyzing alerts and other data to diagnose an attack.
3. Response: responding to the attack, documenting and then reporting.
Algorithm to capture network packets
Step 1: Get the list of all network interfaces and store them in NetworkInterface[].
Step 2: Get each network interface's name and MAC address from NetworkInterface[].
Step 3: Choose a NetworkInterface and capture packets in promiscuous mode. (In non-promiscuous mode, when a NIC receives a frame, it normally drops it unless the frame is addressed to that NIC's MAC address or is a broadcast or multicast frame; promiscuous mode thus allows the computer to read frames intended for other machines or network devices.)
Step 4: Set the number of packets to capture (-1 for infinite).
Step 5: Print the packets in the console.
Step 6: End.
Framework for designing security visualization systems: security data flows through a series of intermediate processing, encoding and filtering steps before being visualized. After visualization, the results may be logged graphically and tailored reports may be created.
Displaying packets in the GUI visualizer
Tracerouting the client system
Traceroute1
Traceroute2
Performance Analysis: the proposed approach takes less time to visualize the packet information between the arrival and the display of each packet on the screen. The proposed approach uses a robust normal distribution in order to get the statistical features of the user's behavior.
Comparison between traceback time and number of packets (values read from the chart): Proposed approach: traceback time 3 ms, 345 packets; Existing approach: traceback time 7 ms, 236 packets.
Comparison between pinging time and number of packets (values read from the chart): Proposed approach: 235 packets, ping time 234 ms; Existing approach: 235 packets, ping time 375 ms.
V. CONCLUSION AND FUTURE SCOPE
Information visualization is one way of effectively communicating information. Deception is one way to negatively affect this capability. Today's systems are being used in critical applications to glean insights that are difficult to see using traditional non-visual techniques. Even carefully user-customized applications are vulnerable due to incorrect defaults, limitations in the visualizations themselves and weaknesses in the overall system. To help counter these attacks, this system gives better accuracy compared to existing approaches in terms of IP tracing and packet visualization.
REFERENCES
[1] Erwan Le Malécot. Toward a Scalable Visualization System for Network Traffic Monitoring.
[2] Hadi Shiravi, Ali Shiravi. A Survey of Visualization Systems for Network Security. IEEE Transactions on Visualization and Computer Graphics, vol. 18, no. 8, August 2012.
[3] Conti, G. and Ahamad, M. Countering Denial of Information Attacks. IEEE Security and Privacy (accepted, to be published).
[4] Army Battlefield Deception Operations. Air War College, United States Air Force. http://www.au.af.mil/au/awc/awcgate/army/batdecep.htm
[5] Howard, M. and LeBlanc, D. Writing Secure Code. Microsoft Press, 2002.
[6] Wilkinson, L. The Grammar of Graphics. Springer-Verlag, 1999.
[7] Propaganda. Disinfopedia. http://www.disinfopedia.org/wiki.phtml?title=Propaganda
[8] Spence, R. Information Visualization. ACM Press, 2001.
[9] Tufte, E. Visual Explanations: Images and Quantities, Evidence and Narrative. Graphics Press, 1997.
[10] Tufte, E. Envisioning Information. Graphics Press, 1990.