A System to detect suspicious activities in network traffic

Date
2019
Authors
Gesare, Roselyne Magangi
Publisher
Strathmore University
Abstract
Modern enterprise networks have become targets of attacks from Internet malware, including worms, self-propagating bots, spamming bots, client-side infections (drive-by downloads) and phishing attacks. The results of a cyber-attack, which include loss of company information, theft of money, the cost of repairing the affected systems and possibly damage to the reputation of the organization, can be devastating. However, with the right tools, security teams can dissect suspicious traffic to detect these attacks. When a company institutes a good method of network security surveillance, security analysts can be alerted within minutes of a problem occurring. It is with this aim that this study sought to research and develop a simple and robust system that could be used to detect suspicious activities in network traffic. Specifically, the study sought to: discuss and analyze suspicious activities in network traffic and devices; analyze the existing techniques used to detect suspicious activities in network traffic; develop a system for detecting suspicious activities in network traffic; and validate the proposed system. The study adopted an experimental design. The experiment was conducted on an Ubuntu machine running 16.04 LTS, where Snort was installed alongside PulledPork, Barnyard2 and BASE, the last acting as the web GUI. Large ICMP packets were sent to the network for detection, and the system was able to detect, analyze and report them on the BASE GUI. The target population for this study was network traffic. The researcher generated the network traffic by sending data packets across the networks. The network traffic was analyzed using network security tools reviewed by the researcher and chosen based on their availability and compatibility with one another to arrive at the desired setup.
This research was not aimed at reinventing the wheel but at offering a major improvement through precise feedback on what network administrators across different organizations could identify as suspicious activities in their networks.
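As an added illustration (not a rule reproduced from the thesis, which does not list its ruleset), this is the kind of Snort rule such a setup would use to flag the oversized ICMP echo requests described above; the 1000-byte payload threshold, the SID and the use of the standard $EXTERNAL_NET/$HOME_NET variables are assumptions, and the unified2 output line is what Barnyard2 consumes before handing alerts to BASE:

```snort
# In snort.conf: write alerts in unified2 format so Barnyard2 can
# forward them to the database that BASE displays.
output unified2: filename snort.u2, limit 128

# Local rule (e.g. rules/local.rules): alert on any ICMP echo request
# (itype 8) from outside the monitored network whose payload exceeds
# 1000 bytes. dsize compares the packet payload length, so a normal
# 56- or 64-byte ping does not match.
alert icmp $EXTERNAL_NET any -> $HOME_NET any ( \
    msg:"LOCAL ICMP large echo request"; \
    itype:8; \
    dsize:>1000; \
    classtype:misc-activity; \
    sid:1000001; rev:1; \
)
```

Running `snort -T -c /etc/snort/snort.conf` validates the configuration and rule syntax before the sensor is started.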
Description
Thesis submitted in partial fulfillment of the requirements for the Degree of Master of Science in Information Technology (MSIT) at Strathmore University
Keywords
Internet Control Message Protocol, PulledPork, Basic Analysis and Security Engine