
Defense strategy against network worms causing ICMP attacks and its forensic analysis

Publication Type : Journal Article

Publisher : Communications in Computer and Information Science

Source : Communications in Computer and Information Science, Volume 196 CCIS, Chennai, p.23-34 (2011)

Url : http://www.scopus.com/inward/record.url?eid=2-s2.0-79960394978&partnerID=40&md5=31fb6625fe06d1bef8fc9c058eb28b72

Keywords : auto-patching, Computer crime, Honeypots, ICMP, Internet protocols, Intrusion detection, Intrusion Detection System, Network forensics, Network protocols, Network security, network worms, pcap, Reaction rates, Sensors, Software testing

Campus : Coimbatore

School : School of Engineering

Department : TIFAC-CORE in Cyber Security

Year : 2011

Abstract : The network forensic analysis process involves preparation, collection, preservation, examination, analysis, investigation and presentation phases. The proposed system addresses the major challenges in the collection, examination and analysis phases. The model collects network data, identifies suspicious packets, examines the protocol features being misused and validates the attack. It has been built with specific reference to security attacks on the ICMP protocol, enabling forensic experts to analyze only the traffic marked as suspicious, which allows cost-effective storage and faster analysis of high-bandwidth traffic. ICMP attacks initiated by worms can be detected using this system. The ability of worms to spread at rates that effectively preclude human-directed reaction has elevated them to a first-class security threat to distributed systems, so worm detection has become a vital part of intrusion detection systems. A reaction mechanism that seeks to automatically patch vulnerable software is also proposed. This system employs a collection of sensors that detect and capture potential worm infection vectors; the size of the log files generated by these sensors can be efficiently reduced by the forensic architecture. The system automatically tests the effects of the captured vectors on appropriately instrumented, sandboxed instances of the targeted application, trying to identify the exploited software weakness. Network forensics relates to the monitoring and analysis of computer network traffic for the purpose of information gathering, legal evidence or intrusion detection. © 2011 Springer-Verlag.

Cite this Research Publication : K. S. Aathira and Kutty, T. N., “Defense strategy against network worms causing ICMP attacks and its forensic analysis”, Communications in Computer and Information Science, vol. 196 CCIS, pp. 23-34, 2011.
