Detection of Transmission Control Protocol XMAS Attack Using Pattern Analysis with MONOSEK

Authors Chandrappa S1, Guru Prasad M S2, Naveen Kumar H N3, Praveen Gujjar J4, M. Anand Kumar5, Anurag Kukreti2
Affiliations

1  Dept. of Computer Science and Eng., Jain (Deemed-to-be University), School of Engineering and Technology, Global Campus, Kanakapura, India

2  Dept. of Computer Science and Eng., Graphic Era (Deemed to be University), Dehradun, India

3  Dept. of Electronics and Communication Eng., Vidyavardhaka College of Engineering, Mysuru, India

4  Faculty of Management Studies, Jain (Deemed-to-be University), Bengaluru, India

5  Dept. of Computer Application, Graphic Era (Deemed to be University), Dehradun, India

Е-mail
Issue Volume 15, Year 2023, Number 4
Dates Received 17 June 2023; revised manuscript received 14 August 2023; published online 30 August 2023
Citation Chandrappa S, Guru Prasad M S, Naveen Kumar H N, et al., J. Nano- Electron. Phys. 15 No 4, 04016 (2023)
DOI https://doi.org/10.21272/jnep.15(4).04016
PACS Number(s) 07.05.Mh
Keywords XMAS, TCP, Electronic physics, MONOSEK, Network, Traffic Analyzer, Cyber Attack.
Annotation

Electronic physics play the major role in data transmission between the hosts. The TCP XMAS scan involves determining the TCP traffic pattern in order to find out which ports are open. Based on this information, it can assess whether or not an XMAS attack is being attempted. In network data is transmitted in the form electrical and electronic signals. Using proposed system, one can ascertain both the hosts that are accessible on the network and the services that can be obtained from those sites. MONOSEK is used to perform analysis not only on sessions but also on packets. In this research, the benefits of utilizing MONOSEK rather than Snort and Wireshark are brought to light for comparison and evaluation. The cyber-security tool MONOSEK is capable of identifying a wide variety of network and cyber-attacks. The XMAS attack is identified in order to both stop operating system fingerprinting and examine online services. For the convenience of the user, a graphical user interface (GUI) is developed and used to examine the ports that have been opened on the list of available IP addresses in the network.

List of References