• Title of article

    Network Forensic System for ICMP Attacks

  • Author/Authors

    Atul Kant Kaushik، نويسنده , , R. C. Joshi، نويسنده ,

  • Issue Information
    روزنامه با شماره پیاپی سال 2010
  • Pages
    8
  • From page
    14
  • To page
    21
  • Abstract
    Network forensics is capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents. This paper addresses the major challenges in collection, examination and analysis processes. We propose a model for collecting network data, identifying suspicious packets, examining protocol features misused and validating the attack. This model has been built with specific reference to security attacks on ICMP protocol. The packet capture file is analyzed for significant ICMP protocol features to mark suspicious packets. The header information encapsulated in the packet capture file is ported to a database. Rule sets designed for various ICMP attacks are queried on the database to calculate various statistical thresholds. This information validates the presence of attacks and will be very useful for the investigation phase. The reduced packet capture size is easy to manage as only marked packets are considered. The protocol features usually manipulated by the attackers is available in database format for next stage analysis and investigation. The model has been tested with a sample attack dataset and the results are satisfactory. The model can be extended to include attacks on other protocols.
  • Keywords
    network forensics , pcap , ICMP , Investigation
  • Journal title
    International Journal of Computer Applications
  • Serial Year
    2010
  • Journal title
    International Journal of Computer Applications
  • Record number

    658421