Security Analysis
Made Easy!

This diploma thesis aims to create a system that analyses captured network traffic and detects ongoing attacks. Attacks like ICMP- and DNS-Tunneling, Reverse Shell, and Denial-of-Service are our main focus. Furthermore, a network analysis is planned, which then should be able to differentiate between usual and uncommon traffic based on previously learned patterns. If one of the cases occurs, the suite will generate log entries, which then will be visualized by the web interface.

Capture

Analyse

React

Capture

Capture traffic periodically

Analyse

Have the captured traffic analysed

React

Get informed on the webinterface

ABOUT US

Our Vision Of An Easier
Traffic Analysis

We’ve never had an automated system for detecting attacks within the school network. With it comes several negative aspects. Examples of such are a cumbersome analysis of relevant information, a delayed reaction to an attack, or maybe even an attack staying undiscovered. For this reason, we’ve resolved ourselves to fix this acute problem.

In addition, the suite is to forward its analyses to a web interface to display results graphically and have a central point of administration.

OUR SERVICES

Thread Traffic Analysis Made Easy

Our suite consists of 5 major parts.
The Manager: Coordination of analysers and logging-functionalities
The 3 Thread Analysers: Looking for attacks within captured traffic
The Networkanalysis: Analysing the traffic and creating statistics

DNS-Tunneling

DNS tunneling involves "tunneling" another protocol via DNS. A DNS tunnel can be misused for command and control, data exfiltration, or tunneling other Internet Protocol (IP) traffic.

ICMP-Tunneling

An ICMP tunnel uses ICMP packets to establish a covert channel between two computers. This can be used, for example, to establish a tunnel for TCP packets by means of ping messages.

HTTPS-Tunneling

HTTPS tunneling is used to establish a network connection between two computers under conditions of limited network connectivity, including firewalls, NATs, and ACLs.

DoS

The availability of an (internet-)service is attacked in order to slow it down for other users or to make it completely unavailable.

Reverse Shells

A reverse connection is a connection to another computer that is used to bypass a firewall. This makes use of the firewall's ability to block incoming connections but not outgoing ones.

Networkanalysis

The networkanalysis learns from previously captured traffic and generates a baseline. This baseline is later used to determine if newer traffic is unusual and may pose a threat to the network.

OUR WORK

Project Status

1

APPROXIMATED COMPLETION (%)

1

HOURS SPENT

1

LINES OF CODE

THE TEAM

This Is Us

Responsible for networkanalysis, detecting unusual traffic and the suite's manager.

team
Jakob Kinne

Team Leader - Scrum Master

Responsible for detecting several types of tunnels and planning the capturing endpoint of traffic.

team
Nihad Mustafa

TL Assistant - Product Owner

Responsible for detecting Denial-of-Service attacks and creating the webinterface for displaying logs.

team
Ben Cackett

Team Member

Responsible for detecting different types of Reverse Shells and managing our incident database.

team

Bernhard Hösch

Team Member

ADDRESS

Rennweg 89b, 1030 Wien

REACH OUT TO US

office@argus-security.at

ACTIVE HOURS

Mo - Fr / 10:00 AM - 16:00 PM

Copyright © ARGUS - Security