An Analytical Review on Packet Analysis for Network Forensics and Deep Packet Inspection in Network

Authors

  • Aniruddha R. Jaipurkar  Department of Computer Science and Engineering, Network & Security, MIT school of Engineering, Pune Maharashtra, India
  • Dr. Nilesh Marathe  Department of Computer Science and Engineering, Network & Security, MIT school of Engineering, Pune Maharashtra, India

Keywords:

Packet analysis, Deep packet inspection, Network forensics, Packet sniffer, Wireshark, Pcap, Digital evidence, Network monitoring, Intrusion detection

Abstract

Packet analysis is a fundamental traceback approach in network forensics. Provided that the captured packets are sufficiently detailed, it can replay the entire network traffic for a specific point in time. This can be used to discover evidence of malicious online behaviour, data breaches, unauthorised website access, malware infection and attempted intrusions, as well as to reconstruct image files, documents, email attachments and other data that have been transmitted across the network. This article offers a detailed study of the use of packet analysis in network forensics, including deep packet inspection. It also discusses AI-powered packet analysis algorithms that have enhanced network traffic classification and pattern identification. Because not all information obtained from a network can be used as evidence in a legal proceeding, a comprehensive list of the kinds of digital information that might be admissible has been compiled. We examine the capabilities of both hardware appliances and software packet analyzers from the point of view of their possible use in forensic investigations of computer networks.
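The reconstruction the abstract describes rests on two steps: reading the captured packets out of a pcap file and reassembling each TCP stream's payload in sequence order, so that a transferred document or response can be read back as the endpoint saw it. The following Python example is added here to illustrate those two steps; it is not code from the paper or its authors. It parses the classic libpcap format and Ethernet/IPv4/TCP headers with the standard library only, and runs against a small capture that it constructs itself (an HTTP exchange delivered out of order, with one retransmitted segment). The IP addresses, ports, sequence numbers and timestamps are constructed sample values; checksums are left at zero because the frames never touch a wire.

```python
import socket
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1


def build_frame(src_ip, dst_ip, sport, dport, seq, payload, flags=0x18):
    """Build an Ethernet/IPv4/TCP frame for the constructed sample.
    Checksums stay zero: this data is only ever parsed, never transmitted."""
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0)
    total_len = 20 + len(tcp_hdr) + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, 64, 6, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth_hdr = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"   # dst MAC, src MAC, EtherType IPv4
    return eth_hdr + ip_hdr + tcp_hdr + payload


def build_pcap(frames):
    """Serialise frames into a little-endian classic pcap file image."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        # constructed timestamps: one second apart, starting at an arbitrary epoch value
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_pcap_records(data):
    """Yield (timestamp, frame_bytes) for each record, honouring the byte order
    announced by the magic number in the global header."""
    if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC:
        endian = "<"
    elif struct.unpack(">I", data[:4])[0] == PCAP_MAGIC:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only the Ethernet link type is handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def parse_tcp(frame):
    """Return (src, dst, sport, dport, seq, payload), or None if the frame is not IPv4/TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[16:18])[0]
    ip_payload = frame[14 + ihl:14 + total_len]
    if len(ip_payload) < 20:
        return None
    sport, dport, seq = struct.unpack("!HHI", ip_payload[:8])
    data_offset = (ip_payload[12] >> 4) * 4
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    return src, dst, sport, dport, seq, ip_payload[data_offset:]


def reassemble_streams(pcap_bytes):
    """Rebuild each unidirectional TCP stream in sequence order. Exact
    retransmissions are dropped, overlaps trimmed, and uncaptured byte ranges
    reported as gaps rather than silently concatenated over."""
    segments = defaultdict(dict)            # (src, sport, dst, dport) -> {seq: payload}
    for _ts, frame in iter_pcap_records(pcap_bytes):
        parsed = parse_tcp(frame)
        if parsed is None or not parsed[5]:
            continue
        src, dst, sport, dport, seq, payload = parsed
        segments[(src, sport, dst, dport)].setdefault(seq, payload)   # first copy wins
    streams = {}
    for key, by_seq in segments.items():
        data, gaps, expected = b"", [], None
        for seq in sorted(by_seq):          # capture order does not matter here
            payload, end = by_seq[seq], seq + len(by_seq[seq])
            if expected is not None and seq < expected:
                payload = payload[expected - seq:]      # keep only bytes not yet seen
            elif expected is not None and seq > expected:
                gaps.append((expected, seq))            # bytes never captured
            data += payload
            expected = end if expected is None else max(expected, end)
        streams[key] = {"data": data, "gaps": gaps}
    return streams


def sample_capture():
    """Constructed capture: a three-segment HTTP response arriving out of order,
    with the second segment retransmitted once, plus the request that triggered it."""
    parts = [b"HTTP/1.1 200 OK\r\nContent-Length: 12\r\n\r\n", b"hello, ", b"world"]
    seqs = [1000, 1000 + len(parts[0]), 1000 + len(parts[0]) + len(parts[1])]
    arrival = [0, 2, 1, 1]                  # segment 3 before segment 2; segment 2 twice
    frames = [build_frame("10.0.0.5", "10.0.0.9", 80, 40000, seqs[i], parts[i]) for i in arrival]
    frames.append(build_frame("10.0.0.9", "10.0.0.5", 40000, 80, 500, b"GET / HTTP/1.1\r\n\r\n"))
    return build_pcap(frames)


if __name__ == "__main__":
    for key, stream in reassemble_streams(sample_capture()).items():
        print(key, "gaps:", stream["gaps"], stream["data"])
```

Reporting gaps separately matters for evidential use: a stream reassembled across missing segments is not a faithful replay, and an analyst should know which byte ranges the capture never contained before treating the output as the transmitted document.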


Published

2022-08-30

Section

Research Articles

How to Cite

[1]
Aniruddha R. Jaipurkar, Dr. Nilesh Marathe "An Analytical Review on Packet Analysis for Network Forensics and Deep Packet Inspection in Network" International Journal of Scientific Research in Science, Engineering and Technology (IJSRSET), Print ISSN : 2395-1990, Online ISSN : 2394-4099, Volume 9, Issue 4, pp.147-167, July-August-2022.