Using network packet generators and snort rules for teaching denial of service attacks

Trabelsi, Zouheir; AlKetbi, Latifa Mohammad Baynouna

doi:10.1145/2462476.2465580

Cited by 21 publications

(10 citation statements)

References 11 publications

(3 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To detect the port scan threat, a few studies and commercial services have defined their thresholds in the unit of packets per second (PPS). To detect TCP-SYN and UDP flooding attacks, threshold values were set to 20 incomplete TCP-SYN and 10 UDP PPS in [33] and 200 incomplete TCP-SYN and 300 UDP PPS in [34]. Commercial network devices such as routers and firewalls also have default rules unique to them to detect these attacks as follows, 128 incomplete TCP-SYN and 500 UDP PPS for Cisco [35] and 25 incomplete TCP-SYN PPS in the Juniper Networks firewall [36].…”

Section: Limitation Of Supervised Learning-based Approachmentioning

confidence: 99%

See 1 more Smart Citation

Supervised Learning-Based Fast, Stealthy, and Active NAT Device Identification Using Port Response Patterns

et al. 2020

View full text Add to dashboard Cite

Although network address translation (NAT) provides various advantages, it may cause potential threats to network operations. For network administrators to operate networks effectively and securely, it may be necessary to verify whether an assigned IP address is using NAT or not. In this paper, we propose a supervised learning-based active NAT device (NATD) identification using port response patterns. The proposed model utilizes the asymmetric port response patterns between NATD and non-NATD. In addition, to reduce the time and to solve the security issue that supervised learning approaches exhibit, we propose a fast and stealthy NATD identification method. The proposed method can perform the identification remotely, unlike conventional methods that should operate in the same network as the targets. The experimental results demonstrate that the proposed method is effective, exhibiting a F1 score of over 90%. With the efficient features of the proposed methods, we recommend some practical use cases that can contribute to managing networks securely and effectively.

show abstract

Section: Limitation Of Supervised Learning-based Approachmentioning

confidence: 99%

“…For example, let us consider M = 30 and N = 1. Then, it requires 1 s for [35,36], and 2 s for [33,34], as shown in Figure 5.…”

Section: Dt-fs: Dt-based Fast and Stealthy Natd Identificationmentioning

confidence: 99%

Supervised Learning-Based Fast, Stealthy, and Active NAT Device Identification Using Port Response Patterns

et al. 2020

View full text Add to dashboard Cite

show abstract

“…In fact, teaching ethical hacking techniques has become a vital component of information security programs that aim to produce competent information security professionals [2][3][4][5][6][7][8][9][10][11]. Therefore, information security students need exposure to offensive techniques, along with defensive techniques.…”

Section: Introductionmentioning

confidence: 99%

Virtualization based ethical educational platform for hands-on lab activities on DoS attacks

Kaabi¹,

Kindi²,

Fazari³

et al. 2016

2016 IEEE Global Engineering Education Conference (EDUCON)

Self Cite

View full text Add to dashboard Cite

Recently, teaching ethical hacking techniques has become a vital component of information security programs that aim to produce competent information security professionals. Students need exposure to offensive techniques developed usually by hackers, along with the defensive techniques. This is problematic since students need to work with tools that may pose threat to the stability and security of the laboratories' computers and live networks within academic institutions. In an attempt to overcome the aforementioned issue, this paper discusses an ethical educational platform, called DoS_VLab, that aims at allowing students experience common denial of service (DoS) attacks, in secure academic environment. DoS_VLab platform is based on virtualization technologies and GNS3 network simulator for building virtual networks. Compared to traditional physical laboratories, practices show that the DoS_VLab platform helped produce more lab practices within the students, reduced training hours required for implementing hands-on lab exercises, and resulted in higher completion rate of the hands-on lab exercises.

show abstract

“…Hands-on lab exercises on various information security topics have focus primarily on desktop environments, whether physical or virtual, and consequently can be implemented only inside isolated laboratories environments (Whitman et al 2014;Trabelsi and Alketbi 2013;Trabelsi 2011;Vigna 2003a, b;Yuan and Zhong 2008;Caltagirone et al 2006;Hill et al 2001, andTrabelsi andMustafa 2014). Recently, the computing landscape, however, is shifting.…”

Section: Introductionmentioning

confidence: 99%

Android based mobile apps for information security hands-on education

et al. 2015

Self Cite

View full text Add to dashboard Cite

As mobile devices grow increasingly in popularity within the student community, novel educational activities and tools, as well as learning approaches can be developed to get benefit from this prevalence of mobile devices (e.g. mobility and closeness to students' daily lives). Particularly, information security education should reflect the current trend in computing platforms away from the desktop and towards mobile devices. This paper discusses a case study of a learning approach that aims at taking advantages of the benefits of mobile devices and the best practices in learning information security, as well as promoting students' interests and increasing their self-efficacy. The learning approach uses two Android learning apps to enhance students' hands-on skills on firewall filtering rules implementation, by practicing network traffic filtering outside the traditional laboratory activities, in the real-world environment; i.e., anywhere and anytime, at the students' convenience. Practically, the two Android apps are a firewall app and a packet generator app; both apps are freely available at Google Play Store. Based on statistics from the Google Play Store, in about one and a half years, the packet generator app turned popular with over 20,000 downloads worldwide and a 3.75 users' rating. A comparative analysis of various existing Android firewall apps with the proposed firewall app emphasizes its significance. The impact of the Android apps on the students' performance in terms of achieving the course outcomes is also discussed.

show abstract

Using network packet generators and snort rules for teaching denial of service attacks

Cited by 21 publications

References 11 publications

Supervised Learning-Based Fast, Stealthy, and Active NAT Device Identification Using Port Response Patterns

Supervised Learning-Based Fast, Stealthy, and Active NAT Device Identification Using Port Response Patterns

Virtualization based ethical educational platform for hands-on lab activities on DoS attacks

Android based mobile apps for information security hands-on education

Contact Info

Product

Resources

About