Analysis of Different Types of Network Attacks on the GNS3 Platform

In this study, DDoS, SQL injection and XSS attacks that hackers use most in cyber attacks are modeled on GNS3 emulator platform and network security is analyzed. A network scenario was designed using Graphical Network Simulator (GNS3), virtual machines, VMware workstation, firewall, router, and switches in order to examine the attacks on networks in real environment. Attacks were performed on this network with different techniques and target servers and devices were affected by the attacks. At the time of the attack, network traffic between the attacker and the target device was recorded with Wireshark software. Network traffic records and traces were examined and evaluations of attacks were made.

Farklı Türdeki Ağ Ataklarının GNS3 Platformunda Analizi

Bu çalışmada, bilgisayar korsanlarının siber saldırılarda en fazla kullandığı DDoS, SQL enjeksiyonu ve XSS saldırıları GNS3 emulator platformunda modellenmiş, ağ güvenliği analiz edilmiştir. Ağlara yapılan saldırıları gerçek ortamında inceleyebilmek için Grafiksel Ağ Simülatörü (GNS3), sanal makineler, VMware iş istasyonu, güvenlik duvarı, yönlendirici ve anahtarlar kullanılarak bir ağ senaryosu tasarlanmıştır. Bu ağ üzerinde farklı teknikler ile saldırılar gerçekleştirilmiş, hedef sunucu ve cihazların saldırılardan etkilenmesi sağlanmıştır. Saldırı anında, saldırgan ve hedef cihaz arasındaki ağ trafiği Wireshark yazılımı ile kayıt altına alınmıştır. Ağ trafik kayıtları ve izler incelenerek, saldırılara ait değerlendirmeler yapılmıştır.

___

[1] “Cyber crime attacks experienced by global companies 2017”, Statista. [Çevrimiçi]. Erişim adresi: https://www.statista.com/statistics/474937/cyber-crime-attacks-experienced-by-globalcompanies/. [Erişim: 20-Ara-2019].

[2] “Snort - Network Intrusion Detection & Prevention System”. [Çevrimiçi]. Erişim adresi: https://www.snort.org/. [Erişim: 14-Oca-2020].

[3] N. Goksel ve M. Demirci, “DoS Attack Detection using Packet Statistics in SDN”, in 2019 International Symposium on Networks, Computers and Communications (ISNCC), ss. 1-6, 2019, doi: 10.1109/ISNCC.2019.8909114.

[4] Ş. Sağiroğlu, E. Yolaçan, ve U. Yavanoğlu, “Zeki saldırı tespit sistemi tasarımı ve gerçekleştirilmesi”, Gazi Üniversitesi Mühendislik Mimarlık Fakültesi Dergisi, c. 26, sy 2, 325- 340, 2011

[5] I. Karadoğan ve R. Daş, “Analysis of attack types on TCP/IP based networks via exploiting protocols”, in 2015 23nd Signal Processing and Communications Applications Conference (SIU), Inonu University, Malatya, ss. 1785-1788, 2015, doi: 10.1109/SIU.2015.7130200.

[6] “Scapy”. [Çevrimiçi]. Erişim adresi: https://scapy.net/. [Erişim: 18-Ara-2019].

[7] R. Das ve G. Tuna, “Packet tracing and analysis of network cameras with Wireshark”, in 2017 5th International Symposium on Digital Forensic and Security (ISDFS), Romanya, ss. 1-6, 2017, doi: 10.1109/ISDFS.2017.7916510.

[8] R. Abdulhammed, M. Faezipour, H. Musafer, ve A. Abuzneid, “Efficient Network Intrusion Detection Using PCA-Based Dimensionality Reduction of Features”, in 2019 International Symposium on Networks, Computers and Communications (ISNCC), ss. 1-6, 2019, doi: 10.1109/ISNCC.2019.8909140.

[9] T. Tuncer ve Y. Tatar, “Fpga Tabanlı Programlanabilir Gömülü Saldırı Tespit Sisteminin Gerçekleştirilmesi”, Gazi Üniversitesi Mühendislik Mimarlık Fakültesi Dergisi 27, sy 1, 2013.

[10] J. J. Shah ve D. L. G. Malik, “Impact of DDOS Attacks on Cloud Environment”, International Journal of Research in Computer and Communication Technology, Vol 2, Issue 7, Tem.-2013

[11] P. Kumar ve R. K. Pateriya, “A survey on SQL injection attacks, detection and prevention techniques”, in 2012 Third International Conference on Computing, Communication and Networking Technologies (ICCCNT’12), Coimbatore, ss. 1-5, 2012, doi: 10.1109/ICCCNT.2012.6396096.

[12] D. Demirol, R. Daş, ve M. Baykara, “SQL enjeksiyon saldırı uygulaması ve güvenlik önerileri”, in 1st International Symposium on Digital Forensics and Security (ISDFS’13), Elazığ, ss. 62-66, 2013.

[13] A. Al-Mahrouqi, P. Tobin, S. Abdalla, ve T. Kechadi, “Simulating SQL-Injection Cyber-Attacks Using GNS3”, International Journal of Computer Theory and Engineering, c. 8, ss. 213-217, Haz. 2016, doi: 10.7763/IJCTE.2016.V8.1046.

[14] M. Baykara ve S. Guclu, “Applications for detecting XSS attacks on different web platforms”, 2018 6th International Symposium on Digital Forensic and Security (ISDFS) ss. 1-6, 2018, doi: 10.1109/ISDFS.2018.8355367.

[15] S. Djanali, F. X. Arunanto, B. A. Pratomo, A. Baihaqi, H. Studiawan, ve A. M. Shiddiqi, “Aggressive web application honeypot for exposing attacker’s identity”, in 2014 The 1st International Conference on Information Technology, Computer and Electrical Engineering, ss. 212-216, 2014, doi: 10.1109/ICITACEE.2014.7065744.

[16] T. Gunawan, M. K. Lim, M. Kartiwi, N. A. Malik, ve N. Ismail, “Penetration testing using Kali linux: SQL injection, XSS, wordpres, and WPA2 attacks”, Indonesian Journal of Electrical Engineering and Computer Science, c. 12, ss. 729-737, Kas. 2018, doi: 10.11591/ijeecs.v12.i2.pp729-737.

[17] H. Sabrine, B. Abderrahmane, ve S. Fouzi, “Comparative Study of Security Methods against DDOS Attacks in Cloud Computing Environment”, içinde 2019 International Symposium on Networks, Computers and Communications (ISNCC), Haz. 2019, ss. 1-5, doi: 10.1109/ISNCC.2019.8909110.

[18] “OWASP Top Ten Web Application Security Risks | OWASP”. https://owasp.org/www-projecttop-ten/ (Erişim Haz. 17, 2020).

[19] “Database SQL Reference”. [Çevrimiçi]. Erişim adresi: https://docs.oracle.com/cd/B19306_01/server.102/b14200/intro001.htm. [Erişim: 17-Ara-2019].

[20] “CWE - CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection’) (4.0)”. https://cwe.mitre.org/data/definitions/77.html (Erişim Haz. 17, 2020).

[21] H. Alnabulsi, R. Islam, ve M. Talukder, “GMSA: Gathering Multiple Signatures Approach to Defend Against Code Injection Attacks”, IEEE Access, c. 6, ss. 77829-77840, 2018, doi: 10.1109/ACCESS.2018.2884201.

[22] V. Clincy ve H. Shahriar, “Web service injection attack detection”, içinde 2017 12th International Conference for Internet Technology and Secured Transactions (ICITST), ss. 173-178, Ara. 2017, doi: 10.23919/ICITST.2017.8356371.

[23] H. Bağci, “Sosyal Mühendislik ve Denetim”, Denetişim, sy 1, ss. 42-51, Tem. 2016.

[24] M. Baykara ve R. Das, “A novel honeypot based security approach for real-time intrusion detection and prevention systems”, Journal of Information Security and Applications, c. 41, ss. 103-116, Ağu. 2018, doi: 10.1016/j.jisa.2018.06.004.

[25] M. Baykara ve R. Daş, “A Survey on Potential Applications of Honeypot Technology in Intrusion Detection Systems”, International Journal of Computer Networks and Applications, c. 2, sy 5, s. 9, 2015.

[26] M. Baykara ve R. Daş, “SoftSwitch: a centralized honeypot-based security approach using software-defined switching for secure management of VLAN networks”, Turk J Elec Eng & Comp Sci (2019) 27: 3309 – 3325 © TÜBİTAK doi:10.3906/elk-1812-86 s. 17.

[27] “GNS3, 27-Ara-2019. [Çevrimiçi]. Erişim adresi: https://docs.gns3.com [Erişim: 27-Ara-2019].

[28] DVWA - Damn Vulnerable Web Application, “DVWA - Damn Vulnerable Web Application”. Erişim adresi: http://www.dvwa.co.uk/. [Erişim: 02-Oca-2020].

[29] D. Ş. Sağiroğlu ve D. M. Alkan, “Siber güvenlik ve Savunma Farkındalık ve Caydırıcılık”, s. 402.

[30] “Cisco Router Security Solutions - Technical Overview”, https://www.cisco.com/c/dam/en/us/products/collateral/security/router-security/routersec_tdm.pdf s. 116. [Erişim: 16-May-2020].

[31] I. Yusof ve A.-S. K. Pathan, “Preventing persistent Cross-Site Scripting (XSS) attack by applying pattern filtering approach”, içinde The 5th International Conference on Information and Communication Technology for The Muslim World (ICT4M), ss. 1-6, Kas. 2014, doi: 10.1109/ICT4M.2014.7020628.