Network Traffic Analysis for Real-Time Detection of Cyber Attacks

Bibliographic Details
Published in: 2021 8th International Conference on Computing for Sustainable Global Development (INDIACom), pp. 642-646
Main Authors: Patel, Mansi; Prabhu, S Raja; Agrawal, Animesh Kumar
Format: Conference Proceeding
Language: English
Published: Bharati Vidyapeeth, New Delhi. Copy Right in Bulk will be transferred to IEEE by Bharati Vidyapeeth 17.03.2021
Summary: Preventing cyberattacks has been a concern for any organization. In this research, the authors propose a novel method to detect cyberattacks by monitoring and analyzing the network traffic. It was observed that the various log files that are created on the server do not contain all the relevant traces to detect a cyberattack. Hence, the HTTP traffic to the web server was analyzed to detect any potential cyberattacks. To validate the research, a web server was simulated using the open-source Damn Vulnerable Web Application (DVWA), and the cyberattacks were simulated as per the OWASP standards. A Python program was scripted that captured the network traffic to the DVWA server. This traffic was analyzed in real time by reading the various HTTP parameters, viz. URLs, GET/POST methods and the dependencies. The results were found to be encouraging, as all the simulated attacks could be successfully detected in real time. This work can be used as a template by various organizations to prevent any insider threat by monitoring the internal HTTP traffic.