We apologize for a recent technical issue with our email system, which temporarily affected account activations. Accounts have now been activated. Authors may proceed with paper submissions. PhDFocusTM
CFP last date
20 December 2024
Call for Paper
January Edition
IJCA solicits high quality original research papers for the upcoming January edition of the journal. The last date of research paper submission is 20 December 2024

Submit your paper
Know more
The week's pick
Responsive image
Improved Shuffled Frog Leaping Algorithm with Self-Adaptive Shuffling for Fuzzy Logic PD+G Controller Optimization in Robotic Manipulators

Duc Hoang Nguyen
Random Articles
Reseach Article

Malicious Traffic analysis using Wireshark by collection of Indicators of Compromise

by Bindu Dodiya, Umesh Kumar Singh
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 183 - Number 53
Year of Publication: 2022
Authors: Bindu Dodiya, Umesh Kumar Singh
10.5120/ijca2022921876

Bindu Dodiya, Umesh Kumar Singh . Malicious Traffic analysis using Wireshark by collection of Indicators of Compromise. International Journal of Computer Applications. 183, 53 ( Feb 2022), 1-6. DOI=10.5120/ijca2022921876

@article{ 10.5120/ijca2022921876,
author = { Bindu Dodiya, Umesh Kumar Singh },
title = { Malicious Traffic analysis using Wireshark by collection of Indicators of Compromise },
journal = { International Journal of Computer Applications },
issue_date = { Feb 2022 },
volume = { 183 },
number = { 53 },
month = { Feb },
year = { 2022 },
issn = { 0975-8887 },
pages = { 1-6 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume183/number53/32286-2022921876/ },
doi = { 10.5120/ijca2022921876 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T01:19:47.089960+05:30
%A Bindu Dodiya
%A Umesh Kumar Singh
%T Malicious Traffic analysis using Wireshark by collection of Indicators of Compromise
%J International Journal of Computer Applications
%@ 0975-8887
%V 183
%N 53
%P 1-6
%D 2022
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Packet analysis is a primary trace back technique in network forensics, Packet analysis, often referred to as packet sniffing or protocol analysis, describes the process of capturing and interpreting live data as it flows across a network in order to better understand what is happening on that network. This can be used to find traces of nefarious online behavior, data breaches, unauthorized website access, malware infection, and intrusion attempts, and to reconstruct image files, documents, email attachments, etc. sent over the network .Packet analysis is typically performed using a packet sniffer, a tool used to capture raw network data going across the wire. Wireshark proves to be an effective open source tool in the study of network packets and their behavior. In this regard, Wireshark can be used in identifying and categorizing various types of attack signatures. It lets administrator to see what’s happening on network at a microscopic level. The purpose of this paper is to demonstrate how Wireshark is applied in network protocol diagnosis and can be used to find some basic indicators of compromise for a malware.

References
  1. Takahashi, D., Xiao, Y. and Meng, K. (2011) ‘Virtual flow-net for accountability and forensics of computer and network systems’, (Wiley Journal of) Security and Communication Networks, Vol. 7, No. 12, December, pp.2509–2526.
  2. Denis Makrushin” Indicators of Compromise as an Instrument for Threat Intelligence ” Research article available online at https://www.researchgate.net/publication/349211330, Published in august 2015.
  3. Thor, J. (2009) Why You Need a Network Analyzer, online available http://www.technewsworld.com/story/67411.html
  4. Meng, K., Xiao, Y. and Vrbsky, “Building a wireless capturing tool for WiF”, Wiley Journal of Security and Communication Networks, Vol. 2, No. 6, November–December S.V. (2009), pp.654–668.
  5. Vivens Ndatinya, Zhifeng Xiao, Vasudeva Rao Manepalli, Ke Meng and Yang Xiao “Network forensics analysis using Wireshark” Article in International Journal of Security and Networks · Vol. 10, No. 2, 2015.
  6. Chris Sanders “Practical Packet Analysis Using Wireshark to solve Real-World Network Problems” 2nd Edition
  7. https://www.malware-traffic-analysis.net/training-exercises.html 2020-08-21 -- Traffic analysis exercise - Pizza-Bender.
  8. Jack G Zheng, Svetlana Peltsverger “Web Analytics Overview” In book: Encyclopedia of Information Science and Technology, Third Edition Chapter: 756 Publisher: IGI Global January 2015
  9. https://en.wikipedia.org/wiki/VirusTotal.
  10. Richard Sharpe, Ed Warnicke, Ulf Lamping” Wireshark User’s Guide Version” 3.7.0 available online at https://www.wireshark.org/docs/wsug_html/.
  11. Allied Telesis “Dynamic Host Configuration Protocol - DHCP Feature Overview and ConfigurationGuide”availableonlineathttps://www.alliedtelesis.com/sites/default/files/documents/configuration-guides/dhcp_feature_overview_guide.pdf
Index Terms

Computer Science
Information Sciences

Keywords

Packet analyis Indicators of compromise IOC wireshark Maware

Powered by PhDFocusTM