Network Intrusion Detection Using Wireshark and Machine Learning

Volume: 10 | Issue: 01 | Year 2024
International Journal of Telecommunications & Emerging Technologies
Received Date: 05/23/2024
Acceptance Date: 06/11/2024
Published On: 2024-09-14
First Page: 23
Last Page: 31

By: D Chandravathi, P.V.S.S. Praneeth, Abida Sakina, Kotti Anjanaa, and Botcha_123

1-Associate Professor, Department of Computer Science Engineering, Gayatri Vidya Parishad College, Srinivasa Nagar, Madhura Wada, Visakhapatnam, Andhra Pradesh, India
2-Student, Department of Computer Science Engineering, Gayatri Vidya Parishad College, Srinivasa Nagar, Madhura Wada, Visakhapatnam, Andhra Pradesh, India
3-Student, Department of Computer Science Engineering, Gayatri Vidya Parishad College, Srinivasa Nagar, Madhura Wada, Visakhapatnam, Andhra Pradesh, India
4-Student, Department of Computer Science Engineering, Gayatri Vidya Parishad College, Srinivasa Nagar, Madhura Wada, Visakhapatnam, Andhra Pradesh, India
5-Student, Department of Computer Science Engineering, Gayatri Vidya Parishad College, Srinivasa Nagar, Madhura Wada, Visakhapatnam, Andhra Pradesh, India

Abstract

The growth of networked devices has highlighted the need for advanced intrusion detection system (IDS) tools to protect digital systems from evolving cyber threats. Traditional IDSs are often slow to adapt to the threat environment because they rely on predefined signature lists. This study presents a new approach that combines Wireshark, a widely used network packet analysis tool, with machine learning for intrusion detection. Our system leverages Wireshark’s data ingestion and analysis capabilities together with algorithms such as gradient boosting, Naive Bayes, and random forests, providing greater accuracy in detecting anomalies and potential intrusions in network traffic. It provides effective protection against a variety of cyber threats, including DDoS attacks, and complies with regulatory standards. This research represents a significant advance in cybersecurity, enabling organizations to mitigate threats in real time and support collaborative defenses in a persistent digital environment. An intrusion detection system (IDS) observes network traffic for malicious transactions and sends immediate alerts when they are observed. It is software that checks a network or system for malicious activities or policy violations. Each illegal activity or violation is typically recorded centrally in a SIEM system or reported to an administrator. An IDS monitors a network or system for malicious activity and protects a computer network from unauthorized access by users, possibly including insiders. The intrusion detector learning task is to build a predictive model (i.e. a classifier) capable of distinguishing between “bad connections” (intrusions/attacks) and “good” (normal) connections.
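As an added illustration of the pipeline the abstract describes (this is not the authors' code): a constructed `tshark -T fields` export is aggregated into per-source flow features and classified with a from-scratch Gaussian Naive Bayes model. The chosen field set, the three features, the training flows and their labels are all assumptions for the example, not values taken from the paper.

```python
import csv, io, math
from collections import defaultdict
# Constructed sample of a `tshark -T fields -E separator=,` export (not a real capture).
# Columns: frame.time_relative, ip.src, ip.dst, frame.len, tcp.flags.syn
TSHARK_CSV = """\
0.00,10.0.0.5,10.0.0.1,74,1
0.40,10.0.0.5,10.0.0.1,1460,0
0.60,10.0.0.5,10.0.0.1,1460,0
0.01,10.0.0.9,10.0.0.1,60,1
0.02,10.0.0.9,10.0.0.1,60,1
0.03,10.0.0.9,10.0.0.1,60,1
"""
# Constructed labelled flows [packets/sec, mean frame length, SYN ratio] used for training.
TRAIN_X = [[3, 900, 0.2], [5, 700, 0.3], [2, 1200, 0.1], [80, 60, 1.0], [120, 60, 1.0], [60, 64, 0.9]]
TRAIN_Y = ["normal", "normal", "normal", "ddos", "ddos", "ddos"]

def extract_features(csv_text):
    """Aggregate packets per source IP into [packets/sec, mean length, SYN ratio]."""
    per_src = defaultdict(list)
    for t, src, _dst, length, syn in csv.reader(io.StringIO(csv_text)):
        per_src[src].append((float(t), int(length), int(syn)))
    feats = {}
    for src, pkts in per_src.items():
        ts = [p[0] for p in pkts]
        span = max(max(ts) - min(ts), 1e-3)  # guard against a single-packet source
        n = len(pkts)
        feats[src] = [n / span, sum(p[1] for p in pkts) / n, sum(p[2] for p in pkts) / n]
    return feats

class GaussianNB:
    """Minimal Gaussian Naive Bayes: per-class prior plus feature means and variances."""
    def fit(self, X, y):
        self.stats = {}
        for c in set(y):
            rows = [x for x, lab in zip(X, y) if lab == c]
            means = [sum(col) / len(rows) for col in zip(*rows)]
            variances = [sum((v - m) ** 2 for v in col) / len(rows) + 1e-6 for col, m in zip(zip(*rows), means)]
            self.stats[c] = (len(rows) / len(y), means, variances)
        return self
    def predict(self, x):
        scores = {}
        for c, (prior, means, variances) in self.stats.items():
            logp = math.log(prior)
            for v, m, var in zip(x, means, variances):  # sum of log Gaussian densities
                logp += -0.5 * math.log(2 * math.pi * var) - (v - m) ** 2 / (2 * var)
            scores[c] = logp
        return max(scores, key=scores.get)
def classify_capture(csv_text=TSHARK_CSV):
    model = GaussianNB().fit(TRAIN_X, TRAIN_Y)  # label each source IP 'normal' or 'ddos'
    return {src: model.predict(f) for src, f in extract_features(csv_text).items()}
```

The high packet rate, tiny frames and all-SYN traffic from 10.0.0.9 land it in the 'ddos' class, while the bulk transfer from 10.0.0.5 stays 'normal'; in practice the training set would come from a labelled capture rather than hand-written rows.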

Keywords: DDoS attack, IDS, intrusion detection, machine learning, malicious attacks, Naive Bayes, random forest

Citation:

How to cite this article: D Chandravathi, P.V.S.S. Praneeth, Abida Sakina, Kotti Anjanaa, and Botcha_123, Network Intrusion Detection Using Wireshark and Machine Learning. International Journal of Telecommunications & Emerging Technologies. 2024; 10(01): 23-31p.

How to cite this URL: D Chandravathi, P.V.S.S. Praneeth, Abida Sakina, Kotti Anjanaa, and Botcha_123, Network Intrusion Detection Using Wireshark and Machine Learning. International Journal of Telecommunications & Emerging Technologies. 2024; 10(01): 23-31p. Available from: https://journalspub.com/publication/network-intrusion-detection-using-wireshark-and-machine-learning/
