Network Threat Detection and Modelling
Mahendra V¹, Manjunatha G S², Nagaraja G S³, Shushrutha K S⁴
¹Mahendra V, BE Student, Department of Computer Science and Engineering, RV College of Engineering, Bengaluru (Karnataka), India.
²Manjunatha G S, BE Student, Department of Electronics and Communication Engineering, RV College of Engineering, Bengaluru (Karnataka), India.
³Dr. Nagaraja G S, Professor and Associate Dean, Department of Computer Science and Engineering, RV College of Engineering, Bengaluru (Karnataka), India.
⁴Dr. Shushrutha K S, Associate Professor, Department of Electronics and Communication and Engineering, RV College of Engineering, Bengaluru (Karnataka), India.
Manuscript received on 01 June 2024 | Revised Manuscript received on 21 October 2024 | Manuscript Accepted on 15 November 2024 | Manuscript published on 30 November 2024 | PP: 16-19 | Volume-12 Issue-12, November 2024 | Retrieval Number: 100.1/ijese.H96290712823 | DOI: 10.35940/ijese.H9629.12121124
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: Network threat detection and modelling are critical aspects of network security in an organisation, since the many devices connecting to the internet can be vulnerable. Network attacks are unauthorised actions taken on digital assets within an organisational network. Malicious parties usually execute network attacks to alter, destroy, or steal private data. Perpetrators of network attacks tend to target network perimeters to gain access to internal systems. In this project, the incoming and outgoing network traffic of several devices within an organisation is analysed, and their security is determined and visualised so that the security analyst can take the necessary action. First, network-traffic information is collected from the assets or endpoints in an organisation that are exposed to the external world. These assets hold data about the external world in the form of IP addresses, which indicate the domains or traffic they connect to or accept. The IP addresses are processed to obtain the actual location and domain, which are used to visualise the geographical location of incoming and outgoing traffic. Additionally, data such as port numbers is collected to determine the protocol being used by the assets and to ensure their security. For threat detection, vulnerable port numbers are displayed in the user interface so that the security analyst can take the necessary action. Some of the standard compliance benchmarks, such as those from the Center for Internet Security (CIS), are used to determine network vulnerabilities in assets that attackers can easily attack. These benchmarks are then used to verify the firewall configurations and other network configurations. If any of the required checks fails or a compliance failure is found, it is indicated as a threat in the UI, so that a security analyst can take the necessary action on the particular asset that has a security breach or is vulnerable.
Keywords: Center for Internet Security, Internet Protocol.
Scope of the Article: Network Modelling and Simulation
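The port-collection step described in the abstract can be sketched as follows. This is an added example, not the authors' code: it classifies each asset's connections to external IP addresses as inbound or outbound and flags those on risky service ports. The record format, the internal range `10.0.0.0/8`, the `RISKY_PORTS` list and all function names are assumptions, and the sample data is constructed.

```python
import ipaddress
from collections import defaultdict

# Assumption: ports treated as risky when facing external addresses;
# the page does not list the ports its UI flags.
RISKY_PORTS = {21: "ftp", 23: "telnet", 445: "smb", 3389: "rdp"}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

# Constructed sample: asset, local ip:port, remote ip:port.
SAMPLE_CONNECTIONS = """\
web-01 10.0.1.5:443 203.0.113.10:51544
web-01 10.0.1.5:23 198.51.100.7:40022
db-01 10.0.2.9:5432 10.0.1.5:38110
hr-pc 10.0.3.7:49812 192.0.2.44:21
hr-pc 10.0.3.7:49900 203.0.113.80:443
"""
# Constructed sample: listening ports per asset, used to infer direction.
LISTENING = {"web-01": {443, 23}, "db-01": {5432}, "hr-pc": set()}

def split_endpoint(endpoint):
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def analyse(text, listening):
    """Return {asset: [finding, ...]} for connections with external peers."""
    findings = defaultdict(list)
    for line in filter(str.strip, text.splitlines()):
        asset, local, remote = line.split()
        (_, lport), (rip, rport) = split_endpoint(local), split_endpoint(remote)
        if rip in INTERNAL_NET:  # internal peer: not external-world traffic
            continue
        inbound = lport in listening.get(asset, set())
        # Service port: local side if inbound, remote side if outbound.
        port = lport if inbound else rport
        findings[asset].append({
            "direction": "inbound" if inbound else "outbound",
            "peer": str(rip), "port": port, "risky": RISKY_PORTS.get(port)})
    return dict(findings)

def risky_assets(findings):
    """Assets with at least one external connection on a risky port."""
    return sorted(a for a, fs in findings.items() if any(f["risky"] for f in fs))

if __name__ == "__main__":
    result = analyse(SAMPLE_CONNECTIONS, LISTENING)
    for asset in risky_assets(result):
        print(asset, [f for f in result[asset] if f["risky"]])
```

The `peer` field of each finding is the value a geolocation or reverse-DNS lookup would take as input for the map view the abstract describes; that lookup is left out here because it needs an external database.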