JAIT 2023 Vol.14(4): 616-624
doi: 10.12720/jait.14.4.616-624

Detecting Unusual Activities in Local Network Using Snort and Wireshark Tools

Naif Alsharabi 1,2,*, Maha Alqunun 1, and Belal Abdullah Hezam Murshed 2,3
1. Department of Computer Engineering, College of Computer Science and Engineering, University of Ha’il, Ha’il 55476, Saudi Arabia; Email: s20200324@uoh.edu.sa (M.A.)
2. Department of Computer Science, College of Engineering and IT, Amran University, Amran 00967, Yemen
3. Department of Studies in Computer Science, Mysore University, Mysore-570006, Karnataka, India; Email: belal.a.hezam@gmail.com (B.A.H.M.)
*Correspondence: n.sharabi@uoh.edu.sa (N.A.)

Manuscript received October 27, 2022; revised December 9, 2022; accepted March 31, 2023; published July 5, 2023.

Abstract—Many organizations worldwide encounter security risks on their local networks caused by malware, which might result in the loss of sensitive data. Thus, network administrators should use efficient tools to observe instantaneous network traffic and detect any suspicious activity. This project aims to detect incidents in local networks using the Snort and Wireshark tools. Combining Wireshark and Snort draws on the advantages of both to achieve maximum benefit, enhance the security level of local networks, and protect data. The Snort Intrusion Detection System (Snort-IDS) is a tool for network security. Snort-IDS rules are used to match packet traffic; if packets match the rules, Snort-IDS generates alert messages. First, this project uses a virtual dataset that includes normal and abnormal traffic for the performance evaluation test, and local rules are designed to detect anomalous activities. Second, Wireshark software is used to analyze data packets. This project categorizes the detected patterns into two groups: anomaly-based detection and signature-based detection. The results revealed the efficiency of the Snort-IDS system in detecting unusual activities in both patterns, and that analyzing the traffic with Wireshark yields more information, such as source, destination, and protocol type. The proposed experiment was tested on the virtual local network to ensure the effectiveness of this method.
 
Keywords—network, intrusion detection system, Wireshark, Snort, anomaly-based detection, signature-based detection, packet traffic, alert

Cite: Naif Alsharabi, Maha Alqunun, and Belal Abdullah Hezam Murshed, "Detecting Unusual Activities in Local Network Using Snort and Wireshark Tools," Journal of Advances in Information Technology, Vol. 14, No. 4, pp. 616-624, 2023.

Copyright © 2023 by the authors. This is an open access article distributed under the Creative Commons Attribution License (CC BY-NC-ND 4.0), which permits use, distribution and reproduction in any medium, provided that the article is properly cited, the use is non-commercial and no modifications or adaptations are made.