Graphical analysis of captured network packets for detection of suspicious network nodes
Published in: | 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA) pp. 1 - 5 |
---|---|
Main Authors: | Aryeh, Felix Larbi; Alese, Boniface Kayode; Olasehinde, Olayemi |
Format: | Conference Proceeding |
Language: | English |
Published: | IEEE, 01-06-2020 |
Abstract | The advent of the Internet has yielded the rapid development of Information Technology related applications over the past two decades. Most organizations have adopted the use of a computer network to make accessibility and sharing of network applications and devices possible. However, network security is currently one of the critical issues most organizations and corporations have to handle. Each day, attacks are continually being executed against professionally secured corporate or organizational networks and sometimes against private networks. Wireshark is a tool generally used for network packet capture; however, it is sometimes very tedious to filter and follow TCP streams. This problem is exacerbated when colossal amounts of network data or traffic need to be analyzed for suspicious traffic. This paper leverages Python libraries and Data Science techniques to ease the packet capturing and graphical analysis process on a live network. Using these techniques makes it easier to glean more interesting attributes of network packets and to fish out suspicious IP addresses, network ports or malicious data readily within the shortest possible time. The research conducted showed how the broadcast IP address 255.255.255.255 might be suspicious within the internal network of the live university network. The suspicion was based on the payload data sent to this address and a possible error or misconfiguration on the Ubiquiti UniFi access point. |
---|---|
Author | Olasehinde, Olayemi Alese, Boniface Kayode Aryeh, Felix Larbi |
Author_xml | 1. Aryeh, Felix Larbi (University of Mines and Technology, Computer Sci. and Eng. Department, Tarkwa, Ghana); 2. Alese, Boniface Kayode (The Federal University of Technology, Department of Cybersecurity, Akure, Nigeria); 3. Olasehinde, Olayemi (Federal Polytechnic, Department of Computer Science, Ile Oluji, Ondo State, Nigeria) |
ContentType | Conference Proceeding |
DOI | 10.1109/CyberSA49311.2020.9139672 |
EISBN | 9781728166902 172816690X |
EndPage | 5 |
ExternalDocumentID | 9139672 |
Genre | orig-research |
IngestDate | Thu Jun 29 18:38:15 EDT 2023 |
IsPeerReviewed | false |
IsScholarly | false |
Language | English |
PageCount | 5 |
ParticipantIDs | ieee_primary_9139672 |
PublicationCentury | 2000 |
PublicationDate | 2020-June |
PublicationDateYYYYMMDD | 2020-06-01 |
PublicationDate_xml | – month: 06 year: 2020 text: 2020-June |
PublicationDecade | 2020 |
PublicationTitle | 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA) |
PublicationTitleAbbrev | CyberSA |
PublicationYear | 2020 |
Publisher | IEEE |
Publisher_xml | – name: IEEE |
SourceID | ieee |
SourceType | Publisher |
StartPage | 1 |
SubjectTerms | Internet; Internet Control Message Protocol (ICMP); IP networks; Libraries; Packet Capture (PCAP); Payloads; Telecommunication traffic; Transmission Control Protocol (TCP); User Datagram Protocol (UDP) |
Title | Graphical analysis of captured network packets for detection of suspicious network nodes |
URI | https://ieeexplore.ieee.org/document/9139672 |