Using Snort and AfterGlow to detect and visualize malicious attacks within IaaS Cloud Computing Systems

Project Details

Project Lead
Tofuli Baendo 
Project Manager
Tofuli Baendo 
Institution
University of Arkansas at Pine Bluff (UAPB), Mathematics and Computer Science Division  
Discipline
Computer Science (401) 
Subdiscipline
30.08 Mathematics and Computer Science 

Abstract

Cloud computing provides a flexible and scalable information infrastructure to users and attracts a wide range of customers. Unfortunately, Infrastructure as a Service (IaaS) clouds have suffered security breaches. For this project we would obtain AfterGlow through the DAVIX Live CD, which lets the whole capture, parse and visualize pipeline be expressed as a single shell command. We would combine an Intrusion Detection System (Snort) with AfterGlow in order to detect attacks, visualize the details of the captured traffic and generate link graphs. For each connection we would identify the source IP, destination IP and destination port. Snort packet processing produced the capture file sniff.pcap. To convert the capture to a CSV file we executed the following two commands:

tcpdump -vttttnneli eth0 > tcpdump.log
/usr/local/bin/tcpdump2csv.pl "sip dip dport" < tcpdump.log > sniff.csv

Note that -i eth0 makes tcpdump capture live from the interface; to convert the saved sniff.pcap instead, replace -i eth0 with -r sniff.pcap. tcpdump2csv.pl allowed us to select which fields are written to the CSV output, including timestamp, source IP, destination IP and destination port.
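As an added example (not code from this project, nor AfterGlow's own tcpdump2csv.pl or afterglow.pl), the following Python script reimplements the two steps the abstract chains together: it parses tcpdump -vttttnne text into the sip,dip,dport CSV that AfterGlow reads, and builds a sip -> dip -> dport link graph as Graphviz DOT, in the same spirit as AfterGlow's three-column mode, which links source, event and target nodes. It also computes the per-source fan-out that such a graph makes visible, since a port or host sweep shows up as one source node fanning out to many targets. The tcpdump lines embedded below are constructed by hand to resemble real output, and every function name is the example's own.

```python
"""Parse `tcpdump -vttttnne` text into sip,dip,dport CSV and a DOT link graph.

Added example; not the project's code and not AfterGlow's tcpdump2csv.pl or
afterglow.pl. SAMPLE_TCPDUMP is constructed by hand to resemble real output.
"""
import csv
import io
import re
from collections import Counter

# Constructed sample. With -v each packet spans two lines: the Ethernet/IP
# header line, then an indented transport-layer line.
SAMPLE_TCPDUMP = """\
2024-03-01 10:15:01.000001 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.1.10.51234 > 10.0.0.5.80: Flags [S], seq 1, win 65535, length 0
2024-03-01 10:15:01.000002 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 2, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.1.10.51235 > 10.0.0.5.22: Flags [S], seq 2, win 65535, length 0
2024-03-01 10:15:01.000003 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 3, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.1.10.51236 > 10.0.0.5.443: Flags [S], seq 3, win 65535, length 0
2024-03-01 10:15:02.000000 66:77:88:99:aa:bb > 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 4, offset 0, flags [none], proto ICMP (1), length 84)
    10.0.0.5 > 192.168.1.10: ICMP echo request, id 7, seq 1, length 64
"""

TIMESTAMP_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+)")
# IPv4 'a.b.c.d[.port] > a.b.c.d[.port]:' ; the port is absent for ICMP.
IP_RE = re.compile(
    r"(?P<sip>\d{1,3}(?:\.\d{1,3}){3})(?:\.(?P<sport>\d+))?"
    r" > "
    r"(?P<dip>\d{1,3}(?:\.\d{1,3}){3})(?:\.(?P<dport>\d+))?:"
)


def iter_records(text):
    """Yield one joined text record per packet (continuation lines are indented)."""
    current = None
    for line in text.splitlines():
        if line[:1].isspace():
            if current is not None:
                current += " " + line.strip()
        else:
            if current is not None:
                yield current
            current = line
    if current is not None:
        yield current


def parse_record(record):
    """Return timestamp/address/port fields, or None if no IPv4 pair is present."""
    ts = TIMESTAMP_RE.match(record)
    m = IP_RE.search(record)
    if not ts or not m:
        return None
    return {
        "timestamp": ts.group(1),
        "sip": m.group("sip"),
        "sport": m.group("sport") or "",
        "dip": m.group("dip"),
        "dport": m.group("dport") or "",
    }


def tcpdump_to_rows(text, fields=("sip", "dip", "dport")):
    """Select fields per packet, like tcpdump2csv.pl "sip dip dport" does."""
    rows = []
    for record in iter_records(text):
        parsed = parse_record(record)
        if parsed:
            rows.append(tuple(parsed[f] for f in fields))
    return rows


def rows_to_csv(rows):
    """Serialize rows as the comma-separated text AfterGlow consumes."""
    buf = io.StringIO()
    csv.writer(buf, lineterminator="\n").writerows(rows)
    return buf.getvalue()


def link_graph_dot(rows):
    """Graphviz DOT for sip -> dip -> dport, edge labels counting occurrences.
    Hand-written here; AfterGlow's own renderer is not used."""
    edges = Counter()
    for sip, dip, dport in rows:
        edges[(sip, dip)] += 1
        if dport:  # ICMP rows have no destination port node
            edges[(dip, dport)] += 1
    lines = ["digraph linkgraph {"]
    for (a, b), n in sorted(edges.items()):
        lines.append(f'  "{a}" -> "{b}" [label="{n}"];')
    lines.append("}")
    return "\n".join(lines)


def fan_out(rows):
    """Distinct (dip, dport) targets contacted per source IP: a sweep inflates it."""
    targets = {}
    for sip, dip, dport in rows:
        targets.setdefault(sip, set()).add((dip, dport))
    return {sip: len(t) for sip, t in targets.items()}


if __name__ == "__main__":
    rows = tcpdump_to_rows(SAMPLE_TCPDUMP)
    print(rows_to_csv(rows))
    print(link_graph_dot(rows))  # pipe into: neato -Tpng -o linkgraph.png
    print(fan_out(rows))
```

The DOT text can be fed to Graphviz (neato, as AfterGlow's examples do) to render the graph; in the sample, 192.168.1.10 reaching three ports on one host appears as one source fanning out to three port nodes, which is the pattern a link graph is meant to expose.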

Intellectual Merit

- To understand Snort packet processing and use AfterGlow to facilitate generating link graphs and visualizations.
- Snort and AfterGlow together provide both overviews and detailed views of network traffic.

Broader Impacts

- Combining Snort and AfterGlow would help users identify the details of malicious attacks.

Scale of Use

I want VMs to be running for my research activities.

Results

Not yet.