Deep Packet Infection: Packet Sniffing of Network

In the modern world, online services are increasingly popular. As shown in appendix A, data breaches, malware infections, and intrusion attempts are also increasing because of the enormous volume of data and file transfers that people perform every day as technology advances every year. With such progress, software experts need to stay alert and ensure that advanced systems exist for tracing and detecting all the activities taking place in their software. Cybercrimes, intrusion attempts, unauthorized access to other people’s data, and congestion of network traffic are issues that people experience daily as they pursue and execute their jobs online.

For proper storage and redirection of data to the appropriate destination, the network uses a form of structured data called packets. Packets carry all the data of the emails, conversations, and websites loaded across the web in a formatted way that ensures everything transmitted is routed to the proper destination. In the past, firewalls were installed in router devices to manage, control, and regulate all forms of data transmitted through the web and the network traffic. However, these firewalls could only scan specific information in the header of an inspected packet, which only contained the source, the next-hop routing information, and the destination. Examining such a limited amount of data is insufficient considering the high volume of data transferred every day and every minute across the world. Firewalls cannot effectively monitor, slow down, speed up, filter, block, or make decisions concerning network traffic.

IT Solution

Deep packet inspection (DPI) can work perfectly in addressing the network traffic problem. Unlike a firewall, DPI technology analyzes the content of IP packets, not only the IP header, and inspects internet traffic in real time. Besides, deep packet inspection enables the Government, internet providers, and enterprises to inspect their packets based on their assigned information, allowing all the packets that clear the inspections, as well as encrypted data, to enter the network and be analyzed.

Besides that, DPI systems can monitor, slow down, speed up, filter, and block traffic, and are in a position to make decisions about traffic in a network. Although these systems were initially intended to protect corporations and universities from malpractices and viruses in their networks, by intercepting any malicious packets in real time before they reach the end-users, today they are used by all organizations and government agencies. DPI will also serve as an effective method for detecting intrusions in the systems and preventing them. For organizations with workers who work remotely, this technology will be crucial. It will protect their workers’ laptops from spyware, worms, and other forms of viruses, and prevent them from infecting their corporate networks.

The DPI technology will also protect the organization’s networks from distributed denial-of-service attacks, viruses, spam, and other attacks. Since the technology meets all the regulatory requirements for lawful network interception and enterprise content control systems, it will aid the Government and organizations in defining the policies and rules that allow their networks to detect any case of prohibited use or application. Another intended application of DPI systems is to ensure the quality of service users obtain from the web and to reduce network congestion due to spam or trivial content. Therefore, the project aims to develop a solid and effective algorithm for quick packet sniffing of a target network.
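The following example, added here and not part of the original paper, makes the header-versus-payload distinction of this section concrete. It builds a constructed IPv4/TCP packet, applies a header-only rule the way a classic firewall would, and then applies payload rules (a small constructed signature library plus site black and white lists) the way a DPI engine would. All addresses, hostnames, signatures and function names are assumptions made for the example.

```python
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass
class Headers:
    """What a header-only firewall sees: addressing fields, plus the raw payload."""
    src: str
    dst: str
    proto: int
    sport: int
    dport: int
    payload: bytes


def build_packet(src, dst, sport, dport, payload):
    """Assemble a minimal IPv4 header + TCP header (no options) + payload.
    Constructed for this example; checksums are left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, 6, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return ip + tcp + payload


def parse(pkt):
    """Decode the IPv4/TCP headers and return them with the remaining payload."""
    ihl = (pkt[0] & 0x0F) * 4                       # IPv4 header length in bytes
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    data_off = (pkt[ihl + 12] >> 4) * 4             # TCP header length in bytes
    return Headers(str(IPv4Address(pkt[12:16])), str(IPv4Address(pkt[16:20])),
                   pkt[9], sport, dport, pkt[ihl + data_off:])


# Header-only rule, the kind a classic firewall can enforce. Constructed value.
HEADER_BLOCKLIST = {"203.0.113.9"}

# Payload rules: a constructed signature library plus site black/white lists.
SIGNATURES = {
    "constructed-beacon-header": b"X-Beacon-Id:",
    "cleartext-basic-auth": b"Authorization: Basic ",
}
BLACKLISTED_HOSTS = {"ads.example.net"}
WHITELISTED_HOSTS = {"intranet.example.com"}


def firewall_verdict(h):
    """Decision using header fields only."""
    return "block" if h.dst in HEADER_BLOCKLIST else "allow"


def http_host(payload):
    """Pull the Host header out of a cleartext HTTP request, if present."""
    for line in payload.split(b"\r\n"):
        if line.lower().startswith(b"host:"):
            return line[5:].strip().decode("ascii", "replace").lower()
    return None


def dpi_verdict(h):
    """Decision using headers and payload; returns (action, reason)."""
    if firewall_verdict(h) == "block":
        return "block", "header blocklist"
    for name, pattern in SIGNATURES.items():    # signature library match
        if pattern in h.payload:
            return "alert", "signature " + name
    host = http_host(h.payload)
    if host in WHITELISTED_HOSTS:
        return "allow", "whitelisted host " + host
    if host in BLACKLISTED_HOSTS:
        return "block", "blacklisted host " + host
    return "allow", "no match"


def inspect(packets):
    """Run both verdicts over raw packets so the difference is visible."""
    out = []
    for pkt in packets:
        h = parse(pkt)
        out.append((h.src, h.dst, firewall_verdict(h), dpi_verdict(h)))
    return out


# Constructed sample traffic (TEST-NET addresses, made-up hosts and payloads).
SAMPLE = [
    build_packet("192.0.2.10", "203.0.113.9", 40000, 80,
                 b"GET / HTTP/1.1\r\nHost: www.example.org\r\n\r\n"),
    build_packet("192.0.2.11", "198.51.100.20", 40001, 80,
                 b"GET /track HTTP/1.1\r\nHost: ads.example.net\r\n\r\n"),
    build_packet("192.0.2.12", "198.51.100.21", 40002, 80,
                 b"POST /up HTTP/1.1\r\nHost: cdn.example.org\r\nX-Beacon-Id: 7\r\n\r\n"),
    build_packet("192.0.2.13", "198.51.100.22", 40003, 80,
                 b"GET /index.html HTTP/1.1\r\nHost: intranet.example.com\r\n\r\n"),
]

if __name__ == "__main__":
    for row in inspect(SAMPLE):
        print(row)
```

Only the first packet is caught by the header rule; the blacklisted host and the beacon signature are visible solely to the payload inspection.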

Implementation Plan

Implementing the DPI technology requires a complete but straightforward functioning system that will extract and detect all the activities in a network. For a fully functioning DPI server, several features need to be put in place. These features include:

High-level architecture

The DPI architecture incorporates the controller and the Traffic Steering Application (TSA). The DPI controller is the orchestrator of the DPIaaS operations. Any part of the whole system that needs to use the DPIaaS must pass through the controller and notify it of all the match rules that require inspection (Imani & Asefi, 2021). Besides, the engine of the DPI system also needs to register with the controller, since the controller is the one that aggregates all the rules and policies that need to be adhered to before any activity can occur. The controller is also responsible for integrating all DPI instances into the existing rules and procedures and then applying them in the network through the traffic steering application. For a functioning network, a high-level architecture needs to be employed to ensure all the functions are in place and working, as shown in appendix B.

The satisfactory installation of the Traffic Steering Application (TSA)

The role of the TSA is to apply the existing policies of a given network. Network providers need to set the available regulations and procedures into OFF mode, enabling each packet to move across all the corresponding middleboxes and DPI instances according to the guidelines set. After the information has gone through the whole chain in the system, the packets are released to normal network routing toward their desired destinations. A data plane carries the communication between the DPI controller and the middleboxes, while the control plane configures the communication between the traffic steering application and all other parts of the system.

When installing a DPI system, there is a need to ensure good connectivity between these components, as they are crucial for the operation of the DPIaaS. The best way to make sure they are well connected is to avoid any breakage of the planes’ abstraction and to provide a direct connection through a dedicated link, as shown in appendix C. Once the control system and the traffic steering system are in place, network providers can start using the DPI to monitor the traffic and track any unauthorized intrusion. This will also help curb the crimes that are rampant across the network due to the increased number of users and the massive amount of material and data being put on the web every day.

Review of Other Work

Numerous experts have explored solutions for enhancing cybersecurity and preventing associated threats. Reviewing these works can help identify robust interventions against potential risks to a target network. Pavithra and Nagabhushana (2020) focused on packet sniffing and network wiretapping to critically discuss the best way to do sniffing in hub and switched networks. The use of anti-sniffing tools against the discussed programs is also covered.

Packet Sniffing: Network Wiretapping

Logging or monitoring network traffic

The first step in effective network monitoring is identifying network data sources to gain a visual picture of the whole domain across the network. This calls for unifying data from many sources, including packet, data, device, and Wi-Fi data (Pavithra & Nagabhushana, 2020). The second step entails effective identification of the applications and devices that are running in the network. Specialized tools referred to as network topology mappers help in identifying the network domain’s users, thus making network monitoring easy. The third step involves applying the correct network traffic monitoring tool. A packet analyzer is used to identify and decode the real count of network packets, and a network performance dashboard provides an accurate overview of what is happening within the network data traffic (Pavithra & Nagabhushana, 2020). LiveNX helps consolidate data from all other sources. Use of these tools ensures a clear and accurate view of the whole network area and of the network monitoring reports. Further, they help with the network’s historical and present records and with proactive alerts that flag issues that may require immediate attention.

Solving communication problems

The entire process of network monitoring seeks to facilitate solutions to communication problems, such as finding out why a computer named A cannot effectively connect to a laptop called B on the other end. When looking for a solution, it is also necessary to identify whether the problem that exists is in the system or is a transmission problem.

Analyzing network performance

Through the analysis of network performance, the parts of a given network that are not functional or have a problem are readily identified. Such problems are mainly caused by congestion of the network. Proper analyses enhance the functioning of a given network and ensure that connectivity is even.

Easy retrieval of the usernames and passwords of the people using the network

There are some fundamental challenges in network monitoring. These include users losing their usernames and passwords and needing to recover them. To avoid such issues, the program must be able to quickly retrieve lost data and information and make things easy for the users.

Detecting network intruders

Intrusion is a serious cyber security problem. Due to the many users and the freedom in networks, there are many intruders who might be trying to hack the systems. The system in place should therefore be effective in identifying any intruders on the network and raising alerts, in order to prevent all forms of cybercrime.

Packet Analysis for Network Forensics

Packet analysis is a technique used to trace back information in network forensics. According to Sikos (2017), this technique is specialized in capturing the last detail of a network up to a given time. Further, the technique is used in detecting any abnormal behavior online, unauthorized website access, intrusion attempts, and data breaches. Sikos (2017) provides a nuanced review of packet analysis that comprises deep packet inspection in network forensics. There is also an appropriate review of the use of packet analysis methods through pattern identification and advanced network traffic classification models. The book notes that not every piece of network-based evidence can be used by a court of law, and therefore any available evidence that is authentic can aid in solving disputes in court. The hardware and packet analyzer used must have the capacity to give detailed information in network forensics. This ensures cyber insecurity is controlled by the details made available, which enable easy tracking of the offender and fair compensation of the network source.

Enhancing the comprehension of network sniffing attack using a hands-on lab approach

Sniffing attacks are a common challenge that many networks face often. According to Trabelsi and Saleous (2018), these attacks involve using malicious plans to infiltrate confidential information and spy on a given network. Trabelsi and Saleous (2018) come up with concepts that can help students build skills to curb network sniffing occurrences in their network domains. Their work aims at equipping students with the practical knowledge to identify users who are maliciously attacking a given network in a laboratory environment. The purpose of their peer-reviewed article is to encourage learning institutions to include this topic in their curriculum, especially in courses about network security. The hands-on approach would be essential to learners in aiding and controlling cyber insecurity. Besides that, Trabelsi and Saleous (2018) focus on the impact such topics will have on the performance of the students. The paper gives a broader understanding of network sniffing attacks at large.

Preventing Network Eavesdropping Attacks

Just as some people eavesdrop on conversations, there is a similar concept in networking where a person can infiltrate communications between different devices or components. The work by Liu et al. (2019) explores eavesdropping attacks with a focus on how cyber-attackers may snoop on packets to intrude and gain access to sensitive information. The authors describe the main forms of eavesdropping: passive and active. Detection of these attacks is challenging; it is a little easier to detect an active attack, though by the time the attack is noticed, data has already been intercepted. Liu et al. (2019) proposed a promising solution, a learning-based adaptive network immune mechanism (LANIM), designed to help boost the prevention of these kinds of malicious activities. LANIM provides advanced and more integrated protection due to its three defense lines and one constraint (Liu et al., 2019).

The first defense line leverages machine learning algorithms that assess risk to inform decisions about suspicious network activities, while the second one utilizes encryption that targets intent and application. The last defense line involves leveraging existing countermeasures and is informed by computational complexity. LANIM provides more advanced protection against eavesdropping attacks as it combines multiple precautionary measures, including encryption, authentication, regular network monitoring and threat assessment, network segmentation, and the use of virtual private networks (VPNs) and firewalls.

Relation of Artifacts to Project Development

The above scholarly works relate to the proposed project. They help in understanding the technical problems that have existed in the past and how they have affected organizations, government agencies, and network service providers. In addition, these works have focused on addressing a similar problem experienced in the technology sector because of the advancements in the modern world. Further, they help reveal the loopholes and gaps that still exist in the provision of networks and therefore provide an easy way of understanding which areas to focus on.

Project Rationale

The use of networks in modern communication has been widening every day. On the other hand, the challenges to network technology have been massive. Therefore, experts must generate solution mechanisms to ensure that this kind of communication remains safe and relevant. These challenges have primarily been created by hackers or sniffers who seek to infiltrate confidential communications between people or organizations. For the advancement of any organization, its information has to remain hidden, and therefore hackers are a risk in many ways.

This paper seeks to give advanced solutions to the cyber security issues that are highlighted all over the world. The proposed solutions are achievable, and they just require selecting the most convenient one in relation to the challenge at hand. The targeted users must also be willing to invest in their systems to ensure that the communication and information within their domain are safe. In the olden days, the form in which data was stored was not the same as it is now. Companies and organizations did not invest in systems but instead invested in physical spaces because the storage mode was physical. In this era, an organization must invest in advanced techniques to facilitate the storage and safety of information.

Looking at how companies have been affected by information hacked from their systems and at the impacts of these actions, there is a need for an urgent solution to these challenges. The massive losses suffered by people and organizations are enough evidence that network service providers need to take urgent steps to curb cyber insecurity. The solution to cyber insecurity lies with us, and it is the responsibility of thinkers and academicians to close the gaps and errors that these hackers capitalize on. Papers like this one are a great way to find solutions to the challenge, and many more should follow. The world of communication and information can only get better once these challenges are identified and their solutions created.

Current Project Environment

Currently, most organizations embrace putting measures in place to ensure that their information and details are safeguarded. Since most communication agencies, government agencies, and organizations have realized that the pressure piling up from their customers is massive, they are calling for safety measures to be put in place to safeguard information and details. However, despite the efforts by organizations and individuals, there has been a great increase in cases related to cybercrime and insecurity. As technology advances, knowledge about hacking and related crimes has also advanced, especially due to the availability of information in many forms. Proactive measures have to be taken to ensure that all networks are safer. Taking more progressive action will help salvage such difficult situations.

The current programs and systems have done an excellent job in curbing cyber insecurity. However, there is a lot to be done, considering that the human population is still growing and more robust networks are needed. Looking at the users of networks ten years ago and the users right now, we can conclude that a lot needs to be done to strengthen the available networks to suit the needs of the world population. In the modern world, nearly everything is done online. Transactions, classes, meetings, and other vital activities are being conducted online, thus demanding much stronger networks. The rise and impact of COVID-19 have made the need for much more potent networks more urgent. Most people and institutions prefer to have their business done online, unlike in the past. This has become an opportunity for hackers to exploit the many unsecured networks operating in the network domain, as shown in Appendix D.

Sniffing of the network ensures that the information flow within your domain is safe and confidential. With increased communication within the technological environment, sniffing of networks with a DPI is an assurance that insecurities will be lowered and the chances of any hacker attack will decline significantly. Installation of a DPI in a network domain enables people to monitor network traffic accurately and helps in the identification of the users in the target network environment. Monitoring any abnormal activity within a network domain is more straightforward, especially when people can see all the users in a certain network. Sometimes, as a result of too many users, there is traffic in a given network leading to slow operations, which users notice from their points of operation. Network service providers do not need to wait for users to complain in order to realize that the network is not operating effectively. With a DPI tool, they will get alerts immediately if the network is not functional or not effective in its operation.

The DPI tool is effective in solving communication problems, and this is the ultimate goal of a proper communication tool. Embracing DPI will help identify a problem before it reaches the end users, hence smoothing the process. For example, when one computer is connecting with another, people are able to identify the specific computers with a fault and are in a position to identify the particular problem and its solution. This is the current situation and the projected future with a DPI tool in a target network.

Methodology

The specific methodology employed in this project is prototyping of the DPI system. The most important and crucial step is to ensure the DPI controller is well implemented, since it is the major component of the DPI system. There is a need to ensure proper communication between all the parts using the DPI services, such as the middleboxes, instances, and traffic steering applications. An appropriate inspection of all the DPI instances available in the network and of all the rules and policies is necessary, since it is crucial for the division of management among the DPI instances and for deciding where each DPI instance should be placed in the policy chain. For a successful implementation of a DPI controller, the following steps are vital.

Ensure the DPI Controller Acts as a Server for all Instances and Middleboxes

Since the DPI controller acts as a mediator for all other parts of the DPI system, it needs to be set up to act as a server. Proper settings will enable the controller to capture all the instances and middleboxes, communicate with all other components of the DPI network, and register any new connection. Setting the DPI controller to act as a server also enables it to detect any disconnection in the network and act accordingly.

Matching of the Set Rules

Matching the rules will enable the DPI controller to assign a specific id to each rule and ensure that identical rules have the same id. With matched rules, the DPI controller will have the ability to aggregate all similar rules from each middlebox and then inspect each packet only once, instead of repeating the inspection every time as happens when the rules are not matched. To achieve this, the DPI controller needs to recognize each internal id. With matched rules and assigned ids, the controller will have a memory of all the rules added to or removed from the network throughout its lifetime; hence no foreign activities or intrusions can occur in the network without its knowledge. Such an implementation will facilitate an easy way to detect and prevent any mischievous activities in the networks.

Division of Match-Rules to Instances

When implementing an algorithm like a DPI system, understanding how to divide rules among instances is crucial. There is a need to properly examine any change in the configuration, such as the removal or addition of middleboxes, changes in the policy chains, or changes in instances or match rules. To find an optimal solution for the division of the match rules, the network providers and the DPI implementers must thoroughly examine all previous considerations, design some algorithms, and then test them in various situations and different environments. To create a system that can work well and demonstrate this design, network providers need to employ these simple division policies.

  1. Balancing of the matching-rule load: the goal of this policy is to ensure utilization of all instances available in a network while keeping the same number of rules in each instance.
  2. Balancing of the policy-chain load: the goal of this policy is to make sure all the policy chains are divided equally, such that every policy chain is assigned one instance. If there are not enough instances for each policy chain, then some chains can share an instance.

Development of the Corresponding Policy Chains

After the division of rules, the DPI controller must place all the DPI instances in the correct position in the network, such that each middlebox is placed after every instance that serves it with rules. The controller applies its knowledge of the middlebox and instance rules to map each of the policy chains to achieve this. The policy-chain load balancing policy applies here: it retrieves an instance for each chain, assigns it, and places it at the beginning of the chain.

Pushing and Pulling Policy Chains

The DPI controller needs to pull and push all the policy chains to the traffic steering application, both when building new policy chains and when dividing the match rules.

Reacting to Changes in the DPI Network

The DPI controller system needs to receive all notifications regarding instances going up and down, added or deleted rules or middleboxes, and changes in the policy chains. In such cases, the controller will react immediately and act according to the previously stated requirements.
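The controller steps above (acting as the registration server, matching identical rules to one id, dividing rules among instances with the matching-rule load policy, building a policy chain per middlebox, pushing the chains to the TSA, and reacting to instances or middleboxes going away) are prototyped in the following example. It is added here and is not code from the paper or from any DPIaaS project; the class and method names, the round-robin division and the sample middleboxes and signatures are all assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class DPIController:
    """Prototype of the controller role described in the methodology (assumed design)."""
    instances: set = field(default_factory=set)
    middleboxes: dict = field(default_factory=dict)   # middlebox -> [internal rule id, ...]
    rule_ids: dict = field(default_factory=dict)      # match pattern -> internal id
    rules: dict = field(default_factory=dict)         # internal id -> match pattern
    assignment: dict = field(default_factory=dict)    # internal id -> instance holding it
    log: list = field(default_factory=list)           # memory of add/remove events
    next_id: int = 1

    # --- the controller is the server every instance and middlebox registers with ---
    def register_instance(self, name):
        self.instances.add(name)
        self.log.append(("instance-up", name))
        self.rebalance()

    def unregister_instance(self, name):
        """Reacting to an instance going down: its rules are divided again."""
        self.instances.discard(name)
        self.log.append(("instance-down", name))
        self.rebalance()

    def register_middlebox(self, name, patterns):
        """Matching of the set rules: identical patterns share one internal id, so
        a packet is inspected once per pattern rather than once per middlebox."""
        ids = []
        for p in patterns:
            rid = self.rule_ids.get(p)
            if rid is None:
                rid, self.next_id = self.next_id, self.next_id + 1
                self.rule_ids[p] = rid
                self.rules[rid] = p
                self.log.append(("rule-added", rid, p))
            ids.append(rid)
        self.middleboxes[name] = ids
        self.rebalance()

    def unregister_middlebox(self, name):
        """Drop the middlebox and every rule no remaining middlebox still needs."""
        self.middleboxes.pop(name, None)
        live = {rid for ids in self.middleboxes.values() for rid in ids}
        for rid in [r for r in self.rules if r not in live]:
            self.rule_ids.pop(self.rules.pop(rid))
            self.log.append(("rule-removed", rid))
        self.rebalance()

    # --- division of match rules: "balancing of the matching-rule load" ---
    def rebalance(self):
        """Round-robin the rule ids over the live instances so loads stay even."""
        inst = sorted(self.instances)
        self.assignment = {}
        if inst:
            for i, rid in enumerate(sorted(self.rules)):
                self.assignment[rid] = inst[i % len(inst)]

    def rule_load(self):
        load = {name: 0 for name in self.instances}
        for inst in self.assignment.values():
            load[inst] += 1
        return load

    # --- development of the policy chains ---
    def policy_chain(self, middlebox):
        """Instances holding this middlebox's rules, in rule order, then the box itself."""
        chain = []
        for rid in self.middleboxes[middlebox]:
            inst = self.assignment.get(rid)
            if inst is not None and inst not in chain:
                chain.append(inst)
        return chain + [middlebox]

    # --- pushing the chains to the traffic steering application ---
    def push_to_tsa(self):
        """What the TSA would receive: one chain per middlebox."""
        return {mb: self.policy_chain(mb) for mb in self.middleboxes}


if __name__ == "__main__":
    c = DPIController()
    for inst in ("dpi-1", "dpi-2"):
        c.register_instance(inst)
    # Constructed middleboxes; "sig-b" is shared and is therefore stored once.
    c.register_middlebox("ids", ["sig-a", "sig-b"])
    c.register_middlebox("antivirus", ["sig-b", "sig-c"])
    c.register_middlebox("parental", ["sig-d"])
    print(c.rule_load(), c.push_to_tsa())
    c.unregister_instance("dpi-2")
    print(c.rule_load(), c.push_to_tsa())
```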

Project Goals, Objectives, and Deliverables

The advancement in technology has made data applications, transactions, and modern-day jobs an online affair. Businesses, organizations, and governments have migrated to doing all their assignments online. As a result, many issues are likely to happen, such as intrusions, unauthorized people invading the networks, and cyber-attacks. To prevent such problems, DPI systems have become a daily application for internet service providers and organizations to combat malware, detect and prevent cyber-attacks, optimize servers to avoid overheads, and analyze user behavior. Proper implementation of a DPI controller can act as an intrusion detection system or as a combination of intrusion detection and intrusion prevention in the network systems. With this in mind, the goals of a DPI system are, therefore, to detect all the applications being used in a network, analyze all the data usage, check for any malicious code in the network systems, ensure all the data in the network is in the correct format, and support network management and internet censorship (Orosz et al., 2018). Achievement of these goals will leave a well-managed network, ease the traffic, and make sure the data reaches the end-users in the correct format:

Goals, Objectives, and Deliverables Table

Goal 1. Detection of applications being used in a network
  Objectives:
    1a. Use a checkpoint to evaluate all the activities that are taking place in a specific network.
    1b. Apply the rules provided by the administrator, network provider, or the network system and determine what to do with the data so that no unauthorized applications run.
  Deliverables supporting the objectives:
    • Ensures only the authorized applications are being used in the network.
    • Detects and prevents intrusions, since only the authorized applications can function in the network.

Goal 2. Analysis of the data usage
  Objectives:
    2a. Inspect the data being sent across the networks, then take action such as blocking, alerting, or re-routing.
    2b. Redirect the network traffic when there are too many users, to ease congestion.
  Deliverables supporting the objectives:
    • Detection of data security threats.
    • Release of the traffic congestion to ensure easy operations for the network users.

Goal 3. Network management
  Objectives:
    3a. Use the DPI system to allow information with high priority to pass through immediately while holding the low-priority information.
    3b. Prioritize mission-critical packets before the ordinary browsing packets.
    3c. Slow down or throttle the rate of data transfers in case problems arise with peer-to-peer downloads.
  Deliverables supporting the objectives:
    • Network users with matters of priority will handle them immediately while the low-priority matters are held.
    • The system will also overcome the peer-to-peer download problems.

Goals, Objectives, and Deliverables Descriptions

In detecting the applications being used in a network, the DPI system uses certain checkpoints in the network to evaluate all the activities taking place in a specific network. In addition, the DPI system applies the rules provided by the administrator, network provider, or the network system and determines what to do with the data to ensure no unauthorized applications run. In the analysis of the data usage, the DPI will inspect the data being sent across the networks and then take action such as blocking, alerting, or re-routing. When there are too many users in a given network, the DPI will also play a crucial role in redirecting the network traffic to avoid congestion, thereby facilitating smooth operations. DPI facilitates network management in that it allows information with high priority to pass through immediately while holding the low-priority information.

In addition, it will prioritize mission-critical packets before the ordinary browsing packets and slow down the rate of data transfers in case problems arise with peer-to-peer downloads. Once the DPI system has achieved the goals and objectives outlined above, it will automatically accomplish the deliverables, such as easing traffic congestion in a network and preventing and detecting cyber-attacks; hence, people will not be in a position to access other people’s information, and data security is preserved. With such a system, people can send their mail, use Skype, tweet, and operate on all social media platforms without being worried about the safety of their information. In addition, all businesses, organizations, and government agencies doing their jobs online can store their data safely without fear of intrusion or loss of data.

Apart from providing an analysis of all the content that enters the network, DPI systems can also monitor, slow down, speed up, filter, and block traffic, and are in a position to make decisions about traffic in a network. As a result, a good number of network providers and data analysts use these systems in their networks. Although these systems were initially intended to protect corporations and universities from malpractices and viruses in their networks, by intercepting any malicious packets in real time before they reach the end-users, today they are used by all organizations and government agencies. DPI will also serve as an effective method for detecting intrusions in the systems and preventing them. For organizations with workers who work remotely, this technology will be crucial. It will protect their workers’ laptops from spyware, worms, and other forms of viruses, and prevent them from infecting their corporate networks. As a result, everybody will be comfortable with their work and will not worry about the security and confidentiality of their information or jobs.

Project Timeline with Milestones

The time needed to implement the DPI system will vary depending on how many times the project requires adjustments. Several factors can make the project easier to complete or delay it, according to circumstances. However, the projected time for the project to be completed is about one year to 1.5 years at most. The development phase of the DPI will consume the most time, since it requires arranging all materials, personnel, and technology experts. It also involves sourcing subcontractors and potential suppliers and ordering the tools and materials needed in the implementation phase.

During this stage, the organizations, network service providers, and agencies that use the network will be involved in various activities that will establish them and enable them to have an easy time during the implementation of the DPI system. Such activities will include product development and market research to develop the best DPI system that can serve and achieve the intended goals in the best way possible. Once all the research is done and everything is in order, the implementation phase takes the shortest time, since it involves installing the systems and ensuring everything is put where it is supposed to be in the DPI control system. Some factors that might lead to delays in the implementation of the DPI project include the financial intensity required, complications in the processes, and organizational and technological complexities. However, when every aspect of the project is right and all stakeholders are efficient, the project will be completed successfully. The following table illustrates the timelines and milestones for the packet sniffing project.

Milestone or deliverable | Duration | Projected start date | Anticipated end date
Installation of the DPI Controllers | Six months | 01/06/2021 | 31/12/2021
Installation of the Traffic Steering Application (TSA) | Six months | 01/01/2022 | 30/06/2022

Outcomes

The projected outcomes of this project must be quantified in terms of the expected impacts. At the end of the project, users should experience the following deliverables and outcomes:

  • There should be effective filtering of traffic in the network systems by whitelists and blacklists of sites and site categories.
  • There should be a signature library that is dynamic and can be replenished.
  • There should be real-time traffic control and dynamic ratification.
  • The DPI system will also detect any application traffic based on signature and statistical analysis, which should include IM, voice, P2P, game traffic, video streaming, video over IP applications, and encrypted data.

References

Imani, E., & Asefi, M. (2021). An empirical investigation of factors that enhance technology development in design process improvement in architecture education: analyses of students’ views. Engineering, Construction, and Architectural Management. Web.

Liu, M., Gao, D., Liu, G., He, J., Jin, L., Zhou, C., & Yang, F. (2019). Learning Based Adaptive Network Immune Mechanism to Defense Eavesdropping Attacks. IEEE Access, 7, 182814-182826. Web.

Orosz, P., Tóthfalusi, T., & Varga, P. (2018). FPGA-assisted DPI systems: 100 Gbit/s and beyond. IEEE Communications Surveys & Tutorials, 21(2), 2015-2040. Web.

Pavithra, T., & Nagabhushana, B. S. (2020). A Survey on Security in VANETs. In 2020 Second International Conference on Inventive Research in Computing Applications (CIRCA) (pp. 881-889). IEEE. Web.

Sikos, L. F. (2017). Description logics in multimedia reasoning. Springer, Cham.

Trabelsi, Z., & Saleous, H. (2018). Teaching keylogging and network eavesdropping attacks: Student threat and school liability concerns. In 2018 IEEE Global Engineering Education Conference (EDUCON) (pp. 437-444). IEEE. Web.

Source: StudyCorgi. (2022, October 9). Deep Packet Infection: Packet Sniffing of Network. https://studycorgi.com/deep-packet-infection-packet-sniffing-of-network/