A study of network-based attacks : detection through protocol level analysis
Μελέτη δικτυακών επιθέσεων : ανίχνευση μέσω ανάλυσης σε επίπεδο πρωτοκόλλων

Master Thesis
Author
Fotopoulos, Filippos
Φωτόπουλος, Φίλιππος
Date
2025-12
Keywords
Network security ; Protocol level analysis ; Network attack detection ; Packet inspection ; Traffic analysis ; Intrusion detection systems ; Network protocols
Abstract
Modern computer networks are fundamental to contemporary digital infrastructure, making them an attractive
target for a wide range of cyberattacks. As attack techniques continue to evolve, traditional detection
mechanisms based on static rules and signature matching increasingly struggle to identify sophisticated or
stealthy threats. This thesis investigates network attacks by focusing on anomalies and deviations at the
protocol level, aiming to improve understanding of both attack execution and detection limitations.
The study examines a broad set of widely used network protocols, including IP, TCP, UDP, DNS,
ARP, ICMP, HTTP, LLMNR, NTLM, and IEEE 802.11-related protocols. For each protocol, normal behavior
is analyzed and contrasted against malicious activity generated through controlled attack scenarios. The
attacks covered include network scanning techniques, ARP spoofing, DNS spoofing and tunneling, HTTP
request smuggling, denial-of-service attacks, wireless jamming attacks, and Windows authentication-related
attacks such as LLMNR poisoning and NTLM relay. These attacks are performed in both virtual and
physical laboratory environments to capture realistic traffic patterns.
Traffic generated during both benign and malicious activity is analyzed using packet-level inspection
tools, with a focus on identifying protocol inconsistencies, abnormal state transitions, and anomalous
traffic characteristics. The results highlight the strengths and limitations of common detection approaches,
particularly those that rely on packet filtering, static traffic analysis, and limited protocol awareness. Findings
show that, although many attacks display solid indicators, certain attacks generate legitimate traffic,
making reliable detection a highly demanding task.
Overall, this work contributes practical insights into how protocol level analysis can support network
attack detection and provides a structured dataset of captured traffic that can serve as a foundation for
future research, including machine learning and AI-based detection approaches.


