Abstract
The network forensic analysis process comprises preparation, collection, preservation, examination, analysis, investigation and presentation phases. The proposed system addresses the major challenges in the collection, examination and analysis phases. The model collects network data, identifies suspicious packets, examines the protocol features that were misused and validates the attack. It has been built with specific reference to security attacks on the ICMP protocol and enables forensic experts to analyze only the network traffic marked as suspicious, which makes storage cost-effective and speeds up the analysis of high-bandwidth traffic. ICMP attacks initiated by worms can be detected using this system. The ability of worms to spread at rates that effectively preclude human-directed reaction has elevated them to a first-class security threat to distributed systems, so worm detection has become a vital part of intrusion detection systems. A reaction mechanism that seeks to automatically patch vulnerable software is also proposed. This system employs a collection of sensors that detect and capture potential worm infection vectors; the forensic architecture efficiently reduces the size of the log files these sensors generate. The system automatically tests the effects of the captured vectors on appropriately instrumented, sandboxed instances of the targeted application, trying to identify the exploited software weakness. Network forensics relates to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence or intrusion detection.
© 2011 Springer-Verlag Berlin Heidelberg
Cite this paper
Aathira, K.S., Kutty, T.N. (2011). Defense Strategy against Network Worms Causing ICMP Attacks and Its Forensic Analysis. In: Wyld, D.C., Wozniak, M., Chaki, N., Meghanathan, N., Nagamalai, D. (eds) Advances in Network Security and Applications. CNSA 2011. Communications in Computer and Information Science, vol 196. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22540-6_3
DOI: https://doi.org/10.1007/978-3-642-22540-6_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22539-0
Online ISBN: 978-3-642-22540-6
eBook Packages: Computer Science (R0)