Network forensics is an alternative approach to security: it monitors network traffic, stores the traces, detects anomalies, identifies the nature of an attack, and investigates its source. The challenge is to store, handle and analyze large volumes of network traffic. Attackers exploit vulnerabilities in the TCP/IP protocol suite and manipulate various protocol attributes to launch attacks. In this paper, attacks on the TCP/IP protocol suite at the transport and network layers are studied and the significant network features being misused are identified. The key protocol fields are correlated with the attacks and extracted from the packet capture files. These values are stored in a database, and statistical information for determining various attack thresholds is derived from them. This information helps in identifying suspicious addresses and marking evidence packets for forensic analysis. These packets comprise the most probable evidence and are converted to a new packet capture file. The reduced size of this preprocessed data enables efficient storage, effective processing and time-bound investigation.
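The pipeline the abstract describes (extract key transport- and network-layer fields from a capture, derive per-source statistics and thresholds, mark suspicious addresses and their evidence packets, write them to a reduced capture) as a worked Python example. This is added example code, not the paper's implementation or its feature set: the traffic is constructed in memory (documentation addresses for the offending hosts), the three features (SYN-only count, distinct SYN destination ports, IP fragment count) and the median plus 3×MAD threshold rule are assumptions about how such thresholds might be set, and the pcap reader/writer handles only the classic little-endian Ethernet format.

```python
"""Evidence-packet reduction over a constructed packet capture (added example).

Pipeline: read pcap -> parse frames -> per-source features -> robust thresholds
-> mark suspicious sources and evidence packets -> write a reduced pcap.
"""
import socket
import statistics
import struct
from collections import defaultdict

ETH_IPV4, IPPROTO_TCP = 0x0800, 6
TCP_SYN, TCP_ACK = 0x02, 0x10
PCAP_MAGIC = 0xA1B2C3D4
FEATURES = ("syn_only", "syn_dports", "fragments")  # assumed feature set


def build_frame(src, dst, sport, dport, tcp_flags, frag_off=0, more_frags=False):
    """Assemble an Ethernet/IPv4/TCP frame; checksums left zero (constructed data)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, tcp_flags, 65535, 0, 0)
    flags_frag = (0x2000 if more_frags else 0) | (frag_off & 0x1FFF)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, flags_frag, 64,
                     IPPROTO_TCP, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + struct.pack("!H", ETH_IPV4) + ip + tcp


def parse_frame(frame):
    """Extract the header fields the analysis keys on; None for non-IPv4 frames."""
    if struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
        return None
    ver_ihl, _, _, _, flags_frag, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    ihl = (ver_ihl & 0x0F) * 4
    frag_off = flags_frag & 0x1FFF
    rec = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "proto": proto, "ttl": ttl,
           "frag": bool(flags_frag & 0x2000) or frag_off != 0,
           "sport": None, "dport": None, "tcp_flags": None}
    if proto == IPPROTO_TCP and frag_off == 0:  # only the first fragment carries the TCP header
        sport, dport, _, _, _, tflags, _, _, _ = struct.unpack("!HHIIBBHHH", frame[14 + ihl:14 + ihl + 20])
        rec.update(sport=sport, dport=dport, tcp_flags=tflags)
    return rec


def is_syn_only(rec):
    """A SYN without ACK: a connection attempt rather than a handshake reply."""
    return rec["tcp_flags"] is not None and rec["tcp_flags"] & (TCP_SYN | TCP_ACK) == TCP_SYN


def per_source_features(records):
    """Aggregate the key fields per source address (what the database row would hold)."""
    acc = defaultdict(lambda: {"syn_only": 0, "syn_dports": set(), "fragments": 0})
    for r in records:
        f = acc[r["src"]]
        if is_syn_only(r):
            f["syn_only"] += 1
            f["syn_dports"].add(r["dport"])
        if r["frag"]:
            f["fragments"] += 1
    return {s: {"syn_only": f["syn_only"], "syn_dports": len(f["syn_dports"]),
                "fragments": f["fragments"]} for s, f in acc.items()}


def derive_thresholds(features, k=3.0):
    """Median + k*MAD per feature (assumed rule): robust to the outliers being hunted."""
    thresholds = {}
    for name in FEATURES:
        vals = [f[name] for f in features.values()]
        med = statistics.median(vals)
        mad = statistics.median([abs(v - med) for v in vals])
        thresholds[name] = med + k * max(mad, 1.0)  # floor avoids a zero-width band
    return thresholds


def mark_evidence(records, features, thresholds):
    """Suspicious sources with the features they exceeded, plus evidence packet indices."""
    suspicious = {s: [n for n in FEATURES if f[n] > thresholds[n]] for s, f in features.items()}
    suspicious = {s: names for s, names in suspicious.items() if names}
    evidence = []
    for i, r in enumerate(records):
        names = suspicious.get(r["src"], [])
        syn_hit = ("syn_only" in names or "syn_dports" in names) and is_syn_only(r)
        if syn_hit or ("fragments" in names and r["frag"]):
            evidence.append(i)
    return suspicious, evidence


def write_pcap(frames):
    """Serialize (timestamp, frame) pairs as a classic little-endian Ethernet pcap."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)]
    for ts, frame in frames:
        out.append(struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def read_pcap(data):
    if struct.unpack("<I", data[:4])[0] != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic")
    frames, pos = [], 24
    while pos < len(data):
        ts, _, incl, _ = struct.unpack("<IIII", data[pos:pos + 16])
        frames.append((ts, data[pos + 16:pos + 16 + incl]))
        pos += 16 + incl
    return frames


def constructed_capture():
    """Three well-behaved clients, one SYN prober, one fragment burst (all constructed)."""
    frames, ts, server = [], 1_700_000_000, "10.0.0.1"
    for n, client in enumerate(("10.0.0.2", "10.0.0.3", "10.0.0.4")):
        for conn in range(3):  # complete handshakes
            cport = 40000 + n * 10 + conn
            frames += [(ts, build_frame(client, server, cport, 80, TCP_SYN)),
                       (ts, build_frame(server, client, 80, cport, TCP_SYN | TCP_ACK)),
                       (ts, build_frame(client, server, cport, 80, TCP_ACK))]
            ts += 1
    for port in range(1, 41):  # SYNs to 40 ports, never completed
        frames.append((ts, build_frame("192.0.2.10", server, 50000, port, TCP_SYN)))
        ts += 1
    for off in range(8):  # IP fragments (offset in 8-byte units), all with MF set
        frames.append((ts, build_frame("198.51.100.7", server, 1234, 80, 0, frag_off=off * 3, more_frags=True)))
        ts += 1
    return write_pcap(frames)


def reduce_capture(pcap_bytes):
    """Run the whole pipeline; returns suspicious sources, evidence indices, reduced pcap."""
    frames = read_pcap(pcap_bytes)
    records = [parse_frame(f) for _, f in frames]
    features = per_source_features(records)
    suspicious, evidence = mark_evidence(records, features, derive_thresholds(features))
    return suspicious, evidence, write_pcap([frames[i] for i in evidence])


if __name__ == "__main__":
    sus, ev, reduced = reduce_capture(constructed_capture())
    print(sus, len(ev), "evidence packets,", len(reduced), "bytes of reduced pcap")
```

The median/MAD rule is chosen over mean/standard deviation because the attacking sources themselves inflate a mean-based threshold; with one prober among five benign hosts a mean plus two standard deviations would sit just below the prober's count. The floor of 1 on the MAD keeps a feature usable when most sources score zero, as the fragment count does here.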