CCSC Central Plains 2025

Network Traffic Analysis for Malicious Activity Detection

Somika Ganesh (Park University), Wen-Jung Hsin (Park University)

Poster Contest on Sat, 9:00, live in C-S 308 and Halls

In this research project, I explored network traffic analysis for detecting and preventing malicious activities using Snort, an open-source Intrusion Detection and Prevention System (IDS/IPS). The project was conducted in a safe and controlled environment using TryHackMe, a cybersecurity training platform that provides hands-on labs for learning network security. Through this project, I gained practical experience in monitoring, logging, analyzing, and mitigating network threats using Snort’s different operational modes.

I started by using Sniffer Mode, which allowed me to capture and analyze live network traffic. This mode provided visibility into real-time packet flow, showing details such as source and destination IP addresses, protocols, and payloads. Next, I used Packet Logger Mode to store network traffic logs for offline analysis. These logs were examined using Snort and Wireshark, helping me detect suspicious patterns and anomalies in the captured data.

The most critical part of the project was working with IDS/IPS Mode. In Intrusion Detection System (IDS) mode, I configured Snort to monitor network activity and generate alerts when suspicious traffic was detected. This helped me identify potential attacks such as ICMP scanning and HTTP-based threats. I then switched to Intrusion Prevention System (IPS) mode, where Snort was configured to actively block and drop malicious packets, preventing unauthorized access and mitigating security risks in real time.

Finally, I performed PCAP File Analysis, where I examined previously captured traffic logs to investigate past attacks and understand network behavior. This forensic approach helped me see how different types of attacks leave traces in network logs, reinforcing the importance of continuous monitoring and incident response.

By completing this project in a safe and controlled environment on TryHackMe, I successfully demonstrated how network traffic analysis plays a crucial role in cybersecurity. The ability to detect, log, and prevent cyber threats using Snort provides valuable insights into network defense strategies. This research highlights the effectiveness of IDS and IPS solutions in securing networks and emphasizes the importance of traffic analysis for identifying and mitigating cyber threats before they cause harm.
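As an added illustration of the IDS-versus-IPS distinction described in the abstract (example code written for this page, not part of the poster's work or of Snort itself), the following models a small subset of Snort's rule syntax and applies two constructed rules to constructed packets: in IDS mode a matching packet only raises an alert, while in IPS mode a `drop` rule also discards it. The rule text, SIDs, addresses and payloads are all made up for the example; real Snort parses raw frames and supports far more rule options.

```python
import re
from dataclasses import dataclass

@dataclass
class Packet:                 # constructed stand-in for a decoded packet
    proto: str
    src: str
    dst: str
    dport: int
    payload: bytes = b""

# Simplified rule header: action proto src sport -> dst dport (options)
RULE_RE = re.compile(r'^(alert|drop) (\w+) (\S+) (\S+) -> (\S+) (\S+) \((.*)\)$')

def parse_rule(text):
    """Parse one Snort-style rule into a dict (subset of the real syntax)."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError("unparseable rule: " + text)
    action, proto, _src, _sport, _dst, dport, opts = m.groups()
    kv = dict(o.strip().split(":", 1) for o in opts.split(";") if o.strip())
    return {"action": action, "proto": proto, "dport": dport,
            "msg": kv.get("msg", "").strip('"'), "sid": int(kv.get("sid", 0)),
            "content": kv["content"].strip('"').encode() if "content" in kv else None}

def matches(rule, pkt):
    """Protocol, destination port and content checks only (a simplification)."""
    if rule["proto"] != pkt.proto:
        return False
    if rule["dport"] != "any" and int(rule["dport"]) != pkt.dport:
        return False
    return rule["content"] is None or rule["content"] in pkt.payload

def run(rules, packets, mode="ids"):
    """IDS mode only alerts; IPS mode also discards packets hit by a drop rule."""
    alerts, forwarded = [], []
    for pkt in packets:
        hit = next((r for r in rules if matches(r, pkt)), None)  # first match wins
        if hit:
            alerts.append((hit["sid"], hit["msg"], pkt.src))
        if not (hit and mode == "ips" and hit["action"] == "drop"):
            forwarded.append(pkt)
    return alerts, forwarded

# Constructed rules and traffic for this example (not from the poster)
RULES = [parse_rule(r) for r in (
    'alert icmp any any -> any any (msg:"ICMP echo seen"; sid:1000001;)',
    'drop tcp any any -> any 80 (msg:"HTTP shell string"; content:"/bin/sh"; sid:1000002;)',
)]
TRAFFIC = [
    Packet("icmp", "10.0.0.5", "10.0.0.1", 0),
    Packet("tcp", "10.0.0.5", "10.0.0.1", 80, b"GET /cgi-bin/x?c=/bin/sh HTTP/1.1"),
    Packet("tcp", "10.0.0.6", "10.0.0.1", 80, b"GET /index.html HTTP/1.1"),
]
```

Calling `run(RULES, TRAFFIC, "ids")` raises two alerts and forwards all three packets; `run(RULES, TRAFFIC, "ips")` raises the same two alerts but forwards only two, the HTTP request carrying the matched content having been dropped.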
