A Network Forensic Framework for Port Scan Attack based on Efficient Packet Capturing
Rajni Ranjan Singh Makwana1, Deepak Singh Tomar2

1Rajni Ranjan Singh Makwana*, Ph.D Research Scholar, Department of CSE, Maulana Azad National Institute of Technology, Bhopal, India.
2Dr. Deepak Singh Tomar, Associate Professor, Department of CSE, Maulana Azad National Institute of Technology, Bhopal, India. 

Manuscript received on September 17, 2019. | Revised Manuscript received on 22 September, 2019. | Manuscript published on October 10, 2019. | PP: 4642-4641 | Volume-8 Issue-12, October 2019. | Retrieval Number: L38501081219/2019©BEIESP | DOI: 10.35940/ijitee.L3850.1081219
Open Access | Ethics and Policies | Cite | Mendeley | Indexing and Abstracting
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)

Abstract: In the last two decades the networks become larger in scale, more complex in structure and more diversified in traffic. Which generate huge amount of network packets such as TCP, UDP and HTTP etc. Log files are repository for captured packets and play a vital role in investigation. However, a significant and obvious limitation of current packet logging is that, data storage volume increases rapidly depending on factors such as network bandwidth and the number of points in the network that need to be tapped. Forensic investigator needs to back up these recorded data to free up recording media and to preserve the data for future analysis. The objective of the proposed work is to build a network forensics framework that precisely scrutinizes only the relevant packets .In this work, a network forensic framework is developed subjected to port scanning attack to mitigate evidence gathering challenges faced by forensic investigator. It captures and processes only fine-grained evidences present in the network traffic stream. Moreover, in the captured relevant log, attack specific discovery is carried out to mine the exact packets utilized to execute the network attack. Hypotheses being developed to validate each machine against attack specific criteria’s. Only those machine who full fill the criteria will be scrutinizes for further analysis. To test and validate the effectiveness of the proposed framework two scenario have been developed, It is observed that developed system preciously securitizes the attack patterns and improved decrement in the log size is observed for both scenario developed that is about 93.12% and 95.65% respectively. It is also observed that only 6.09% and 1.93% of total traffic being scrutinized for NULL, FIN and XMAS attack in scenario 1 and 2 respectively. Similarly 19.88% and 13.42% packets of total packets are scrutinized for TCP Connect and SYN (Half open) scanning variant in scenario 1 and 2 respectively.
Keywords: Network Forensics, Intrusion Detection System, Port Scanning Attack.
Scope of the Article: Patterns and Frameworks