Detecting brute force attacks and analyzing network traffic using Wireshark / Nur Khaira Ahmad Shah
Brute force attacks remain a serious cybersecurity issue, and much research is being conducted to create brute force attack prevention and detection approaches. However, employees' lack of security awareness when it comes to brute force attacks makes them ideal targets for hackers and cybercrim...
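Main Author: | Ahmad Shah, Nur Khaira |
---|---|
Format: | Student Project |
Language: | English |
Published: | 2022 |
Subjects: | Intrusion detection systems (Computer security). Computer network security. Hackers |
Online Access: | https://ir.uitm.edu.my/id/eprint/83346/2/83346.pdf https://ir.uitm.edu.my/id/eprint/83346/ |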
id |
my.uitm.ir.83346 |
---|---|
record_format |
eprints |
spelling |
my.uitm.ir.83346 2023-09-25T02:19:55Z https://ir.uitm.edu.my/id/eprint/83346/ Detecting brute force attacks and analyzing network traffic using Wireshark / Nur Khaira Ahmad Shah Ahmad Shah, Nur Khaira Intrusion detection systems (Computer security). Computer network security. Hackers Brute force attacks remain a serious cybersecurity issue, and much research is being conducted to create brute force attack prevention and detection approaches. However, employees' lack of security awareness when it comes to brute force attacks makes them ideal targets for hackers and cybercriminals. Furthermore, the current increase in cybersecurity attacks makes network traffic analysis even more vital. Monitoring network traffic for anomalous behaviour allows for the discovery and prevention of cybersecurity attacks in real-time. Nonetheless, the lack of proper analysis on cybersecurity activities such as network traffic allows the hacker to abuse the website by benefiting from advertisements, stealing personal data, and spreading malware to create disruptions. As a result, this study presents a brute force attack analysis on an experimental testbed for subsequent deployment in SMEs by utilising Wireshark. The research objectives are to create an experimental testbed for showing brute force activities and analyzing network traffic with Graphical Network Simulator-3 (GNS3), as well as to assess limit login attempts in WordPress by examining its capacity to identify and filter brute force attacks. An experimental testbed comprised of one web server, one attacker host, two Cisco 3745 Routers, two GNS3 generic Ethernet switches, and three GNS3 Virtual PC Simulators is developed. Hydra in Kali Linux was used to generate the brute force attack. This project has produced three scenarios. The first and second scenarios examine network traffic before and after the brute force attack respectively, while the third scenario examines one of the brute force attack mitigation measures. For Scenarios 1 and 2, Wireshark is used to examine network traffic. Scenario 2 has a higher total number of packets, average packet size, and average packet per second than Scenario 1 and Scenario 3. Furthermore, filters such as http.request.method=="POST" and http.response.code==302 are used in Wireshark to identify login attempts. Moreover, WordPress's restricted login attempts successfully mitigate brute force attacks. This project can be expanded in the future to include an application that detects brute force attacks and notifies the user of the intrusion through notice or email. 2022 Student Project NonPeerReviewed text en https://ir.uitm.edu.my/id/eprint/83346/2/83346.pdf Detecting brute force attacks and analyzing network traffic using Wireshark / Nur Khaira Ahmad Shah. (2022) [Student Project] (Submitted) |
institution |
Universiti Teknologi Mara |
building |
Tun Abdul Razak Library |
collection |
Institutional Repository |
continent |
Asia |
country |
Malaysia |
content_provider |
Universiti Teknologi Mara |
content_source |
UiTM Institutional Repository |
url_provider |
http://ir.uitm.edu.my/ |
language |
English |
topic |
Intrusion detection systems (Computer security). Computer network security. Hackers |
description |
Brute force attacks remain a serious cybersecurity issue, and much research is being conducted to create brute force attack prevention and detection approaches. However, employees' lack of security awareness when it comes to brute force attacks makes them ideal targets for hackers and cybercriminals. Furthermore, the current increase in cybersecurity attacks makes network traffic analysis even more vital. Monitoring network traffic for anomalous behaviour allows for the discovery and prevention of cybersecurity attacks in real-time. Nonetheless, the lack of proper analysis on cybersecurity activities such as network traffic allows the hacker to abuse the website by benefiting from advertisements, stealing personal data, and spreading malware to create disruptions. As a result, this study presents a brute force attack analysis on an experimental testbed for subsequent deployment in SMEs by utilising Wireshark. The research objectives are to create an experimental testbed for showing brute force activities and analyzing network traffic with Graphical Network Simulator-3 (GNS3), as well as to assess limit login attempts in WordPress by examining its capacity to identify and filter brute force attacks. An experimental testbed comprised of one web server, one attacker host, two Cisco 3745 Routers, two GNS3 generic Ethernet switches, and three GNS3 Virtual PC Simulators is developed. Hydra in Kali Linux was used to generate the brute force attack. This project has produced three scenarios. The first and second scenarios examine network traffic before and after the brute force attack respectively, while the third scenario examines one of the brute force attack mitigation measures. For Scenarios 1 and 2, Wireshark is used to examine network traffic. Scenario 2 has a higher total number of packets, average packet size, and average packet per second than Scenario 1 and Scenario 3. Furthermore, filters such as http.request.method=="POST" and http.response.code==302 are used in Wireshark to identify login attempts. Moreover, WordPress's restricted login attempts successfully mitigate brute force attacks. This project can be expanded in the future to include an application that detects brute force attacks and notifies the user of the intrusion through notice or email. |
format |
Student Project |
author |
Ahmad Shah, Nur Khaira |
title |
Detecting brute force attacks and analyzing network traffic using Wireshark / Nur Khaira Ahmad Shah |
publishDate |
2022 |
url |
https://ir.uitm.edu.my/id/eprint/83346/2/83346.pdf https://ir.uitm.edu.my/id/eprint/83346/ |