CFP last date
20 January 2025
Call for Paper
February Edition
IJCA solicits high quality original research papers for the upcoming February edition of the journal. The last date of research paper submission is 20 January 2025

Submit your paper
Know more
The week's pick
Responsive image
Implementation of Feature Selection Using Correlation Matrix in Python

Ahmad Farhan AlShammari
Random Articles
Reseach Article

A Packet Scripting Model for Real-Time Detection of Cyber Attacks

by Samera Uga Otor, Beatrice Obianiberi Akumba, Adekunle Adedotun Adeyelu, Joshua Ingya
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 186 - Number 12
Year of Publication: 2024
Authors: Samera Uga Otor, Beatrice Obianiberi Akumba, Adekunle Adedotun Adeyelu, Joshua Ingya
10.5120/ijca2024923505

Samera Uga Otor, Beatrice Obianiberi Akumba, Adekunle Adedotun Adeyelu, Joshua Ingya . A Packet Scripting Model for Real-Time Detection of Cyber Attacks. International Journal of Computer Applications. 186, 12 ( Mar 2024), 40-47. DOI=10.5120/ijca2024923505

@article{ 10.5120/ijca2024923505,
author = { Samera Uga Otor, Beatrice Obianiberi Akumba, Adekunle Adedotun Adeyelu, Joshua Ingya },
title = { A Packet Scripting Model for Real-Time Detection of Cyber Attacks },
journal = { International Journal of Computer Applications },
issue_date = { Mar 2024 },
volume = { 186 },
number = { 12 },
month = { Mar },
year = { 2024 },
issn = { 0975-8887 },
pages = { 40-47 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume186/number12/a-packet-scripting-model-for-real-time-detection-of-cyber-attacks/ },
doi = { 10.5120/ijca2024923505 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-03-27T00:44:31.526345+05:30
%A Samera Uga Otor
%A Beatrice Obianiberi Akumba
%A Adekunle Adedotun Adeyelu
%A Joshua Ingya
%T A Packet Scripting Model for Real-Time Detection of Cyber Attacks
%J International Journal of Computer Applications
%@ 0975-8887
%V 186
%N 12
%P 40-47
%D 2024
%I Foundation of Computer Science (FCS), NY, USA
Abstract

The dangers of cyberattacks have impacted many businesses and individuals by causing damage to computer systems and networks through malware infiltration, disruption of business activities, and stealing of credentials from users. More often, antiviruses and firewalls have been the first line of defense in the past decades. However, they have proven to be unreliable in recent years due to the evolution of cyber threats, threat landscape in general and zero-day attacks which are new threats developed by hackers, and so, are not known to traditional security defenses. This paper developed a packet scripting model to analyze packets and detect attacks in real-time. The model incorporates the functionalities of TCPdump for packet analysis and Snort which utilizes custom rules to detect attacks in real-time. Practical implementation was achieved through a controlled virtual sandbox environment consisting of virtual machines in a hypervisor, mimicking real-world scenarios for accurate evaluation. Finally, the model's performance was assessed using the real time captured packets to test how well it responds to network traffics. Furthermore, the custom rules were evaluated using an existing bench mark data set to determine how well the rules perform. Results show detection accuracy among others of above 90% for both model dataset and existing dataset.

References
  1. Pop, C. (2024). Endpoint Protector Blog. The Cost of a Data Breach in 2023: Data Loss Prevention: https://www.endpointprotector.com/blog/cost-of-a-data-breach-2023/ January 2nd 2024
  2. Sanders, C., & Smith, J. (2014). Packet analysis. Applied Network Security Monitoring, 341–384. https://doi.org/10.1016/b978-0-12-417208-1.00013-1
  3. Snort. Network Intrusion Detection & Prevention System. (n.d.). https://www.snort.org/
  4. Prabhu, S., & Bhat, S. (2020). Cyber Attacks Mitigation: Detecting Malicious Activities in Network Traffic – A Review of Literature. International Journal of Case Studies in Business, IT, and Education (IJCSBE), 4(2), 40-64 August 2020. http://doi.org/10.5281
  5. Alsharabi, N., Alqunun, M., & Murshed, B. A. (2023). Detecting unusual activities in local network using Snort and wireshark tools. Journal of Advances in Information Technology, 14(4), pp 616–624. https://doi.org/10.12720/jait.14.4.616-624
  6. Thapa, S., & Mailewa, A. (2020, April 28). The role of intrusion detection/prevention systems in Modern Computer Networks: A Review. Easy Chair Home Page. https://easychair.org/publications/preprint/jMT5
  7. Mogaji, S. A., Ayeni, O. A., & Olutayo, V. A. (2022). Analysis of digital forensics in the implementation of intrusion detection using Snort. FUOYE Journal of Pure and Applied Sciences (FJPAS), 7(1), pp 100–107. https://doi.org/10.55518/fjpas.ijms6335
  8. Haugerud, H., Tran, H. N., Aitsaadi, N., & Yazidi, A. (2021). A dynamic and scalable parallel network intrusion detection system using intelligent rule ordering and network function virtualization. Future Generation Computer Systems, 124, pp 254–267. https://doi.org/10.1016/j.future.2021.05.037
  9. Nsabimana, T., Bimenyimana, C. I., Odumuyiwa, V., & Hounsou, J. T. (2020). Detection and prevention of criminal attacks in cloud computing using a hybrid intrusion detection systems. In Intelligent Human Systems Integration 2020, Proceedings of the 3rd International Conference on Intelligent Human Systems Integration (IHSI 2020): Integrating People and Intelligent Systems, February 19-21, 2020, Modena, Italy (pp.667-676)
  10. Gdowski, B., Kościej, R., & Niemiec, M. (2021). Heuristic-based intrusion detection functionality in a snort environment. Information & Security: An International Journal, 50, pp 23–36. https://doi.org/10.11610/isij.5010
  11. Erlansari, A., Coastera, F. F., & Husamudin, A. (2020). Early intrusion detection system (IDS) using Snort and telegram approach. SISFORMA, 7(1), pp 21–27. https://doi.org/10.24167/sisforma.v7i1.2629
  12. Wang S. & Chang J. (2022). Design and implementation of an intrusion detection system by using Extended BPF in the Linux kernel, Journal of Network and Computer Applications, 198, 103283, ISSN 1084-8045, https://doi.org/10.1016/j.jnca.2021.103283.
  13. Asad, H., & Gashi, I. (2021). Dynamical analysis of diversity in rule-based open source network intrusion detection systems - empirical software engineering. SpringerLink. October 22 https://link.springer.com/article/10.1007%2Fs10664-021-10046-w
  14. Díaz-Verdejo J, Muñoz-Calle J, Estepa Alonso A, Estepa Alonso R, Madinabeitia G (2022). On the Detection Capabilities of Signature-Based Intrusion Detection Systems in the Context of Web Attacks. Applied Sciences. 2022; 12(2):852. https://doi.org/10.3390/app12020852
  15. Al-Fawa’reh, M., Al-Fayoumi, M., Nashwan, S., & Fraihat, S. (2022). Cyber threat intelligence using PCA-DNN model to detect abnormal network behavior. Egyptian Informatics Journal, 23(2), pp 173–185. https://doi.org/10.1016/j.eij.2021.12.001
  16. Alatram, A., Sikos, L. F., Johnstone, M., Szewczyk, P., & Kang, J. J. (2023), DoS/DDoS-MQTT-IoT: A dataset for evaluating intrusions in IoT networks using the MQTT protocol, Computer Networks, 231, 109809, ISSN 1389-1286, https://doi.org/10.1016/j.comnet.2023.109809.
Index Terms

Computer Science
Information Sciences

Keywords

Packet scripting model real-time detection cyberattacks Snort.

Powered by PhDFocusTM