Developing Smart Port Scanner To Make Better Secure Network: MN691 Research Methods and Project Design

This document presents the final report for a research project developing a smart port scanner. The report includes an acknowledgment, abstract, introduction outlining the goals of a smarter port scanner, research questions on network adaptability and notification, literature review, requirements analysis, preliminary design including flow charts and diagrams, planned research methods, and conclusions. The project aims to design a port scanner that can detect network traffic levels and pause scanning during peaks, continuously monitor ports and generate real-time text and graphical reports on suspicious activities to better secure networks.

MN691 Research Methods and Project Design

Developing Smart port scanner to make better secure network

Final Report

Surachet Sukkram MIT 151463
Ageng Hardani MIT150621
School of IT and Engineering
Trimester 2 2016

MN691 Research Methods and Project Design Page 2 of 31

Acknowledgement
We are really grateful because we managed to complete our MN691 Research
Methods and Project Design within the time given. This research project could not
have been completed without the effort and co-operation of our group members (Surachet
Sukkram and Ageng Hardani). We also sincerely thank our lecturer Jason Brown for
the guidance and encouragement in finishing our research project and also for
teaching us in this course. We would also like to thank our colleagues from MIT who
provided insight and expertise that greatly assisted the research.

Signature of Students:
Sign your signature here
Date of Submission of Report: Put a date here clearly

Project title: Developing Smart port scanner to better secure network

Contents
Abstract
1. Introduction
2. Problem domain and research questions
3. Background and Project Objective
   3.1 Summary of Literature Review
   3.2 Objectives of the Project
4. Project Requirements Analysis and Specification
5. Project plan and preliminary design
   Flow chart of Smart port scanner
   Smart port scanner network scanning for a large group of clients
   Weekly Activity Table
   Research project weekly activity Gantt chart
   Role and Responsibilities Table
   Cost and Budget Planning for Develop Port Scanner
   Use Case Diagram for our Port Scanner
6. Research methods to be used for the next stage of the project
7. Conclusion and limitations
References
Glossary and Abbreviations
Appendices
   Appendix I: Simulation Source Codes
   Appendix II: Detailed proof of theory
   Appendix III: Very Long Tables of data

Abstract
A port scanning tool is one of the most crucial tools used by a system administrator. The
purpose of port scanning is to scan all the ports on a system to determine the
vulnerabilities of the services running on each port. The system administrator can then
use this information to allow only necessary ports and close unused ports, which
increases the security of the system being scanned. Most port scanning tools
run once and stop when the scan is done. This report is about designing a
smarter port scanning tool which does not run only once but runs continually,
reporting both internal and external port scanning. The smart port scanner can also
back off when it senses that network usage is at a peak, and start itself
again when normal network traffic resumes. It can also detect and report
suspicious activity by any program that tries to use a port to send
packets to another network. The smart port scanner can generate a detailed
report in two formats: first, a report file in XML format (for easy web
viewing); second, a report file in PDF format (for standard viewing).
The report will include information such as the date, time, port number and destination
IP address of the data that each program tries to send out through a port. The main
idea of this project is to provide information that empowers system administrators to
secure their systems and to implement security policies that enhance network
security.

1. Introduction
Traditional port scanning tools run once and then stop. This project
aims to provide a better and smarter port scanner tool. The Smart port scanner will be
part of the network system and will actively probe the network to secure it,
rather than just sit and wait for a port scan to happen. The tool will
also be able to determine the current network traffic. If it finds that traffic is at
a peak, it will idle itself and wait for the peak to pass, then reactivate itself to
continue monitoring the system. All suspicious port utilization activities
will be collected and can be used to generate a report. The report will show
the information not only as readable text but also in a graphical view,
because the more ways you can look at a report, the better the
chance that something will catch your eye. This ensures you
will not miss important information that you might miss if you were
provided with a single type of report. The other benefit of combining graphical
and text reports is that the network administrator will be able to find any misconfiguration
much more easily and in a shorter period of time.

This report contains seven sections.
Section 1 is the introduction. Section 2 is the problem domain and research
questions, which includes the problems that need to be addressed and the research goal.
Section 3 is the background and project objective, which is a literature review of the topic
undertaken. Section 4 is the project requirements analysis and specification, which
contains requirements such as hardware, software and other items required for the
chosen project. Section 5 is the project plan and preliminary design; in this section
the detailed documentation and design of the project are provided. Section 6 covers the research
methods to be used for the next stage of the project. It lays out how to
implement the project design in terms of design of experiment, data collection
method, data analysis method, etc. Section 7 is the conclusion and limitations, which
summarizes the project and clearly lists the limitations of the simulation
and the project. Finally, references are given at the end of the report.

2. Problem domain and research questions


The first problem in our project is the network-adaptive feature of port scanning, that
is, how our smart port scanner will detect peak and non-peak periods of the
system. If it senses that the network is at a peak, it has to put itself in background
mode. If it detects that the system is not at a peak, it has to
reactivate itself and start monitoring the system again.

The solution is to include code that detects patterns indicating
network spikes. We will have to keep track of data points that describe traffic in
and out of the network. Details such as applications, users, speed, volume,
packets and utilization of the total bandwidth, and everything else that generates
traffic, will be included in analyzing the peak of the network. This will make the
decision of when our port scanner is active or inactive more accurate.

The second problem is how the system administrator will be notified if port scanning
is detected. Our program continually monitors port activities. The report has to
be generated in real time to inform the system administrator of the current
situation of the system.

The solution is to create patterns and give them priorities from 1 to 3,
which can be briefly described as below:
- Priority 1 (Red), extremely urgent: this is the highest level of security risk. The
  program will generate a phone call and send a message to the system
  administrator in real time.
- Priority 2 (Yellow), moderate problem: this is a warning level that does not
  require immediate attention from the system administrator. The program
  will generate a report and email it to the system administrator.
- Priority 3 (Green), low-level problem: at this level the program will only
  generate the daily report as normal, which the system administrator can come back
  to review at a later time.
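
One way to turn monitored port activity into the three priorities above, as an added example rather than the project's own code: it counts distinct destination ports per source in a sliding window over constructed log lines. The log format, the names and the thresholds (5 and 20 ports within 60 seconds) are assumptions, since the report does not define what separates the priority levels.

```cpp
#include <algorithm>
#include <cstddef>
#include <deque>
#include <iostream>
#include <map>
#include <set>
#include <sstream>
#include <string>
#include <utility>

// Added illustration: thresholds and log format are assumptions, not from the report.
struct Thresholds {
    long window_s;         // sliding window length in seconds
    std::size_t p2_ports;  // distinct ports in the window that raise priority 2
    std::size_t p1_ports;  // distinct ports in the window that raise priority 1
};

int priority_for(std::size_t distinct_ports, const Thresholds& t) {
    if (distinct_ports >= t.p1_ports) return 1;  // Red
    if (distinct_ports >= t.p2_ports) return 2;  // Yellow
    return 3;                                    // Green
}

// Notification channels as described in the priority list.
const char* channel_for(int priority) {
    switch (priority) {
        case 1: return "phone call + message";
        case 2: return "emailed report";
        default: return "daily report";
    }
}

// Reads lines of "epoch_seconds source_ip destination_port" (time-ordered per
// source) and returns the most urgent priority each source reached.
std::map<std::string, int> classify(const std::string& log, const Thresholds& t) {
    std::map<std::string, std::deque<std::pair<long, int>>> recent;
    std::map<std::string, int> worst;
    std::istringstream in(log);
    std::string line;
    while (std::getline(in, line)) {
        std::istringstream fields(line);
        long ts = 0;
        std::string src;
        int port = 0;
        if (!(fields >> ts >> src >> port) || port < 1 || port > 65535) {
            continue;  // skip malformed lines instead of guessing
        }
        std::deque<std::pair<long, int>>& q = recent[src];
        q.emplace_back(ts, port);
        // Drop events that have fallen out of the window.
        while (!q.empty() && ts - q.front().first >= t.window_s) q.pop_front();
        std::set<int> ports;
        for (const auto& e : q) ports.insert(e.second);
        const int p = priority_for(ports.size(), t);
        auto it = worst.find(src);
        if (it == worst.end()) worst[src] = p;
        else it->second = std::min(it->second, p);
    }
    return worst;
}

// Constructed sample log, not captured traffic.
std::string constructed_log() {
    std::ostringstream out;
    for (int i = 0; i < 30; ++i)  // one service contacted repeatedly
        out << 1000 + i << " 10.0.0.5 443\n";
    for (int i = 0; i < 25; ++i)  // 25 different ports in 25 seconds
        out << 1000 + i << " 10.0.0.9 " << 20 + i << "\n";
    for (int i = 0; i < 8; ++i)   // 8 different ports, 10 seconds apart
        out << 1000 + 10 * i << " 10.0.0.7 " << 8000 + i << "\n";
    for (int i = 0; i < 10; ++i)  // 10 different ports, 120 seconds apart
        out << 1000 + 120 * i << " 10.0.0.8 " << 100 + i << "\n";
    out << "garbage line\n";
    return out.str();
}

int main() {
    const Thresholds t{60, 5, 20};
    for (const auto& kv : classify(constructed_log(), t)) {
        std::cout << kv.first << " -> priority " << kv.second
                  << " (" << channel_for(kv.second) << ")\n";
    }
    return 0;
}
```

The source that probes one new port every 120 seconds stays at priority 3: a fixed window does not see slow scans, which is the case the two-phase method summarized under [13] addresses.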

The third problem is how the smart port scanner will probe into different
VLANs, because in a real network environment it is common to have more than
one subnet in a network. All of the subnets will be linked to each other via trunk ports.
The smart port scanner will need to support scanning ports in different
VLANs as well.

We have two ways to solve this problem. The first solution is to
deploy our smart port scanner in each VLAN. This ensures the full
capabilities of the program when running and minimizes any errors that might
happen while the program probes into different VLANs. Moreover, the feature of our
smart port scanner that deactivates it at network peak time might have
a problem when working with two networks: if the traffic of one
network is at a peak and the other is not, the smart port scanner could be
confused about its status, whether to continue monitoring or to go inactive and wait until
the network spike has passed. The second solution is to periodically send ping packets to
each network whose ports our port scanner tries to scan, to determine the
response time of that particular network. If that network takes too long
to respond, the scanner can decide to stop port scanning for that network.
However, when the ping packets it sends show a fast response, it can
activate itself and go back to doing its job again.
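
The back-off behaviour from the first and third problems can be sketched as below; this is an added example, not code from the report. The names (`NetworkGate`, `AdaptiveScheduler`), the constructed round-trip times and the thresholds (pause above an 80 ms average, resume below 40 ms, window of 3 probes) are assumptions, and one state is kept per VLAN so that a peak on one network does not pause scanning of another.

```cpp
#include <cstddef>
#include <deque>
#include <iostream>
#include <map>
#include <numeric>
#include <string>
#include <utility>
#include <vector>

// Added illustration: names and thresholds are assumptions, not from the report.
enum class ScanState { Active, Paused };

// A probe that times out is counted as a very slow reply.
constexpr double kTimeoutPenaltyMs = 1000.0;

// Moving average of probe round-trip times with two thresholds (hysteresis),
// so the scanner does not flap between states around a single limit.
class NetworkGate {
public:
    NetworkGate(double pause_ms, double resume_ms, std::size_t window)
        : pause_ms_(pause_ms), resume_ms_(resume_ms),
          window_(window == 0 ? 1 : window) {}

    // Feed one probe result; rtt_ms < 0 means the probe timed out.
    ScanState update(double rtt_ms) {
        samples_.push_back(rtt_ms < 0 ? kTimeoutPenaltyMs : rtt_ms);
        if (samples_.size() > window_) samples_.pop_front();
        if (samples_.size() < window_) return state_;  // not enough evidence yet
        const double avg =
            std::accumulate(samples_.begin(), samples_.end(), 0.0) /
            static_cast<double>(samples_.size());
        if (state_ == ScanState::Active && avg > pause_ms_) {
            state_ = ScanState::Paused;
        } else if (state_ == ScanState::Paused && avg < resume_ms_) {
            state_ = ScanState::Active;
        }
        return state_;
    }

    ScanState state() const { return state_; }

private:
    double pause_ms_;
    double resume_ms_;
    std::size_t window_;
    std::deque<double> samples_;
    ScanState state_ = ScanState::Paused;  // stay quiet until the network is measured
};

// Keeps an independent gate for every network (for example one per VLAN).
class AdaptiveScheduler {
public:
    AdaptiveScheduler(double pause_ms, double resume_ms, std::size_t window)
        : pause_ms_(pause_ms), resume_ms_(resume_ms), window_(window) {}

    ScanState report_probe(const std::string& network, double rtt_ms) {
        auto it = gates_.find(network);
        if (it == gates_.end()) {
            it = gates_.emplace(network,
                                NetworkGate(pause_ms_, resume_ms_, window_)).first;
        }
        return it->second.update(rtt_ms);
    }

    bool may_scan(const std::string& network) const {
        auto it = gates_.find(network);
        return it != gates_.end() && it->second.state() == ScanState::Active;
    }

private:
    double pause_ms_;
    double resume_ms_;
    std::size_t window_;
    std::map<std::string, NetworkGate> gates_;
};

char mark(ScanState s) { return s == ScanState::Active ? 'A' : 'P'; }

// Feeds constructed, interleaved probe results for two VLANs and returns one
// character per probe: 'A' = scanning allowed, 'P' = paused.
std::map<std::string, std::string> run_constructed_trace() {
    const std::vector<double> vlan10 = {12, 15, 11, 14, 90, 200, 180, 60, 35, 30, 20, 18};
    const std::vector<double> vlan20 = {10, 9, 12, 11, 10, -1, 13, 12, 10, 11, 9, 10};
    AdaptiveScheduler sched(80.0, 40.0, 3);
    std::map<std::string, std::string> timeline;
    for (std::size_t i = 0; i < vlan10.size(); ++i) {
        timeline["vlan10"] += mark(sched.report_probe("vlan10", vlan10[i]));
        timeline["vlan20"] += mark(sched.report_probe("vlan20", vlan20[i]));
    }
    return timeline;
}

int main() {
    for (const auto& kv : run_constructed_trace()) {
        std::cout << kv.first << ": " << kv.second << "\n";
    }
    return 0;
}
```

In the constructed trace, vlan10 stays paused at an average of about 41.7 ms because the resume threshold is lower than the pause threshold, while vlan20 has already resumed.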

The fourth problem is how the smart port scanner will work alongside an IDS. The
Smart port scanner should be able to differentiate between internal port scanning
and actual hacker port scanning.

To solve this problem we can add functionality to the Smart port
scanner that enables it to activate the IDS when abnormal port activity is
found. When the Smart port scanner finds
unusual port activity, it lets the IDS double-check all the packets
coming through that particular port. This practice acts as double protection for
the network, which does not only wait for the IDS to do the work. The Smart port
scanner can be a great addition to the protection of the network.

3. Background and Project Objective


The requirement of MN691 (Research Methods and Project Design) is to select a
project topic and then spend substantial time researching, analysing and
developing the requirements, project plan and preliminary design for a capstone
project. The most important aspect of the topic selection is novelty. The topic
that interested us is port scanning. It was chosen in accordance with factors
around the networking field, which is our main area of study. After
going through many research papers, journals and online articles, we chose
the smart port scanner as our topic. The reasons were, first, that it
involves our learning as Master of Networking students and, second, that network
security is always important.

3.1 Summary of Literature Review


Port scanning techniques have been used both to protect host systems in a network
and to probe them for weaknesses. System administrators use port
scanning to protect the system by gathering information on each port. If the system
administrator sees that an unnecessary port has been opened, the first step in
protecting the system is to close that port, because the greater the number
of open ports, the more vulnerable the system. On the other hand, port
scanning is used to attack the network when an attacker sends
probing packets to each port, one at a time. The kind of response received indicates
the port status, the protocol and the available services on each port. After receiving all
the information needed, the attacker can exploit the port's weaknesses or launch
an attack against that particular port.

Most researchers have tried to categorize port scanning techniques and their
potential to affect the network system. However, after a thorough review of published
literature and journals through different available resources, we have not yet found
any published literature or journals regarding the use of a port scanning tool to
constantly monitor the network system. This is how our project differs from
other published literature and journals. The project will show novelty in terms of a
port scanning tool that continually monitors the network system, which is the core objective
of our research. Furthermore, the aim of this summary of the literature review is for us to
better understand what others have done on the same topic and what we will do
to show novelty in our project. This is how we summarize the main idea of each
paper in the same field. Below is a list of abstracts of the journals, most of which
mainly revolve around the different types of port scanning techniques.

This paper gives comprehensive information on various facets of network anomaly
detection, including a comparison of many network anomaly detection methods and
systems. This helps a researcher become familiar with all elements of network anomaly
detection methods. The paper also gives an overview of the underlying computational
techniques used in anomaly detection methods. [1]

This paper presents how to use extensive penetration tests (ethical hacking) to
reach the maximum security level in a network. The paper proposes a
penetration test methodology and framework capable of exposing possible exploitable
vulnerabilities in every network layer. Furthermore, the paper gives a comprehensive
analysis of a network penetration test case study carried out against a network
simulation in a lab environment. This extensive analysis exposes common
network misconfigurations, including the security implications which affect the whole
network and its users. [2]

This paper presents multi-level access management for reconfigurable scan
networks. Typically, access is restricted and instruments are locally protected
at the interface to the network. The access restriction allows only a precomputed
set of scan-in access sequences. The paper shows extensive analysis results for
complex reconfigurable scan networks, depending on the number of allowed accesses.
Multi-level access management is a scalable solution for complex
reconfigurable scan networks. [3]

This paper presents how to use a simple network forensics architecture to
handle large volumes of network data. The method also overcomes the problem
of the resource-intensive processing required for analysis. The paper proposes the
use of open source network security tools to collect and store
the data. After the data is collected, it is used by the system to test against
various port scanning attacks. The results describe the effectiveness of its
storage and processing capabilities. This technique can be used in detecting
various port scan attacks. [4]

This paper presents a new approach to detecting both obvious scans and
difficult-to-find subtle scans. The method combines the characteristic-based method
and visual analytics. The two combined methods provide useful
information and implications about port-scan attackers. The paper
describes how the system can detect both obvious and subtle port-scanning
activities. It also provides results on how critical it is to identify the port-scan
attackers in the data sets. [5]

This paper presents a technique called Prophetic Defender (PD). This technique
can minimize ZDAP. In a real network attack, hackers first scan the network to
identify hosts with vulnerable ports. If this port scanning can be detected early,
zero-day attacks become detectable. The PD technique uses a
honeypot-based server deployed to detect malicious port scans. The report collected
port-scanning data on the honeypot over 6 years, from 2009 to 2015, and then analysed the
collected data, which showed how the PD technique helps in detecting and blocking
zero-day attacks. The block rate of the PD technique is incredibly high, at
98.5%. [6]

This paper describes how to implement port scan detection methods on encrypted
data. The methods are used to protect the confidentiality of sensitive network data. The
report evaluates the four most popular port scan detection algorithms, namely Classic
Version (and its Time Variant), Threshold Random Walk (TRW) and Bayesian Logistic
Regression (BLR). The report also includes results such as the performance and
storage of a query-based implementation on network flow data and an onion-layered
encryption system like CryptDB. [7]

This paper presents how to use a layer of defence as a solution for diagnosing
denial of service (DoS). The method can also be used to defend against port scan
attacks. It uses a parallel data structure to filter out DoS and port
scan attacks. The filter works well, as it filters network traffic before it enters
the intrusion detection system. The method is based on statistical anomaly
detection. Implementing this method gives acceptable results
in both error rate and speed. [8]

Reliability and scalability are the top two aspects in securing a cloud environment, because the
cloud environment is vulnerable to a large number of security attacks. Nowadays,
attackers can launch attacks individually or concurrently. The paper gives
comprehensive information on the port-scan attack and the response of an IDS. The test
environment is built using VirtualBox and SNORT. [9]

This paper presents a simulation framework using OMNeT++. The study
generates benchmarks that resemble real-life traffic. The method
divides the benchmarks into three modules (topology creation, good traffic
generation, bad traffic generation). Each module resembles traffic similar to the
traffic of deployed and usable networks. The resulting benchmark is annotated and
made public. [10]

This paper uses the dendritic cell algorithm to develop a simple anomaly detection
system. The paper starts by defining an anomaly threshold coefficient (0.4759933),
which helps determine whether a reviewed process tends to be anomalous. Based on the
results, the Nmap process has an average of 0.6164136, so it can be
classified as an anomalous process within the host computer. Meanwhile, values
below the defined anomaly threshold can be classified as normal processes.
[11]

A large portion of Internet traffic today is generated by port scan activities. The goal
of this project is to analyze sample network traces. The results can be used to
classify the properties of port scans. The purpose of the project is to give a better
understanding of the properties of port scans. Developers can use the results to
develop better network intrusion detection systems and increase general network
security. [12]

This paper proposes a simple and efficient two-phase method for detecting slow port scans.
The first phase, called the feature collection phase,
analyzes network traffic and extracts the features needed to validate a
certain IP as malicious or not. The second phase is the classification phase. In this
phase, based on the features collected in the first phase, the IPs are divided into three
groups: normal IPs, suspicious IPs and scanner IPs. This method differs
from the method used by IDSs. A traditional IDS classifies IPs as either legitimate or
scanners, therefore producing a high number of false positives and false negatives.
[13]

The paper proposes Bloom filters (an on-line algorithm) to detect port scan attacks in
IP traffic. The collected destination IP addresses and destination ports
are stored in a two-dimensional Bloom filter in two steps. This on-line algorithm
can be used on a real traffic stream by implementing it with an adaptive refreshing
scheme that closely follows traffic variations. When implemented with a
hashing function over a sliding window, it can deal with IP traffic at a very high bit
rate because it is a scalable algorithm. [14]

This paper proposes a novel algorithm to detect and block port scans in real time.
The new algorithm is scalable and flexible. It can detect fast scanners as well as
stealth scanners with large inter-probe periods. The results of implementing the
algorithm on real network traces show its effectiveness in detecting and blocking
network scans. The results also show very few false positives and false negatives.
[15]

This paper presents the use of the Microsoft Visual C++ MFC library together with
an implementation of TCP port scanning. The program implements multi-threading
and ping technology found in the Microsoft Visual C++ MFC library, which
improves the scanning efficiency of the program. The program results are
satisfactory. [16]

This paper presents a new approach that simplifies the technique for a port knocking
system. The approach works by employing Source Port Sequences, which are
automatically generated by the operating system and are pre-assigned to generate a
sequence. To mitigate problems with TCP replay attacks and port scanning, the paper
proposes a technique that can control when each service starts and stops. To
measure the performance of this technique, the authentication time to knock the
server is used. In a real test, the proposed approach worked faster than other
methods such as basic port knocking and Fwknop + SPA. As a result, the technique
can be used to protect against TCP replay attacks and port scanning. [17]

This paper uses a technique called the multi-window state map (MWSM) to present a novel
failed flow dispersion estimation technique. The technique requires a small amount of
memory and a constant number of memory accesses for implementing the
multi-resolution concept. The paper proposes using the multi-window state map technique to
build a better port scan detector, because the technique is well suited to hardware
implementation. [18]

This paper presents a new technique called multiphase distributed vulnerability
detection (NICE). It is based on attack graph-based analytical models and reconfigurable
virtual network-based countermeasures. The mechanism works on the OpenFlow
network programming API. Developers can implement a monitor and control plane to
build programmable virtual switches, which improves attack detection
and mitigates attack consequences. [19]

The paper gives information on all elements of the cyber scanning topic. It
categorizes cyber scanning by strategies and approaches, including a comprehensive
review of its techniques. The paper also addresses how to tackle cyber scanning by
focusing on methods of detecting it. It also gives two examples of
cyber scanning attacks which happened recently. [20]

3.2 Objectives of the Project


The core objective of the project is to enhance the security of port scanning by
developing a smart port scanner tool, because port scanning is one of the main
techniques that can help secure a computer system. With the help of the smart port
scanner tool, the system administrator can not only view any port scan attempts offline
but also be informed in real time if a serious attack happens. The smart port scanner
tool presents the system administrator with a graphical view of the report according to
the information required (time, date, weekly, monthly and
yearly). This saves time and cost in protecting the network system. The smart port
scanner tool will provide a better understanding of how each network system works,
which in turn the system administrator can use to increase
network security.

4. Project Requirements Analysis and Specification


To develop the smart port scanner, we chose Microsoft Visual Studio 2015 as our software
development tool. The reason we went with MS Visual Studio 2015 is its
cross-platform apps and libraries for native C++ feature. We can create our whole smart
port scanner in Visual C++. Visual C++ also enables us to edit, build, deploy and debug
cross-platform code. In addition to developing cross-platform applications, Visual C++ allows
us to create projects from templates for Android Native Activity apps, iOS apps, or
shared code library projects for multiple platforms that include Xamarin hybrid apps. Our
smart port scanner tool is simple to use and easy for the system
administrator to configure. The user interface is intuitive and friendly, which makes it easy to work with.
The report generator feature in the smart port scanner is easy to use, with step-by-step help in
generating all the reports. Furthermore, the smart port scanner program is small in size
and uses less memory.

The File menu will have a feature that saves the port scanning result to a log file. The Smart
port scanner will then be able to load that log file and display it on screen for easy viewing.
The Tool menu will have features such as screen capture and a network mapping tool to help
the network administrator manage the network. The Report menu lets the user generate
a report of the port scanning result. There are two types of report that the Smart port
scanner can generate: the first is a report in PDF format and the second is a report in
HTML/XML format. The Help menu gives information and instructions on how to operate
the Smart port scanner. To run a scan, the user must enter at least one host IP address
and at least one port number. Next, the user has the option to show only
open ports or both open and closed ports in the scan result. The other option is to select
the scan type, which is either common scan (scans common and well-known ports regardless of the ports
the user selects) or intense scan (scans all the ports of the host). The user can then start the scan by
clicking the Scan button. The result of the port scan is shown in a grid view which includes Host
IP address, Port number, Port State (open or closed), Service on that port, Domain, and
User. Please see figure 1 for the result after the Smart port scanner has finished the port
scan. The result of the scan can be collected and used to generate a report using the Report
menu explained above. Please see figures 2 to 5 for examples of the Smart port scanner
report. The smart port scanner will also be able to run in command line mode, with a
configuration file to configure the scan criteria. This is how scanning is implemented for the
network: a standard client-server architecture distributes the Smart port scanner
command line file to all the clients and runs that command line on each client
connected to the server.

Figure 1 shows GUI of Smart port scanner

Figure 2 shows sample of Port scanning detected base on priorities (Pie chart graph)

Monthly port scan report

Figure 3 shows sample of Monthly port scan report (Bar Graph)

Weekly port scan report (Week 1, Week 2, Week 3, Week 4)

Figure 4 shows sample of weekly port scan report (3D Bar Graph)

Daily port scan report

Figure 5 shows sample of Daily port scan report (Line Graph)


Figure 6 shows sample of Smart port scanner running in command line

5. Project plan and preliminary design


The flow chart below explains the design methodology of the Smart port scanner. It
takes its input from the user (IP address and port number) and validates both. If they
are not valid, it informs the user to re-enter a valid IP address and port number. If
they are valid, it starts to monitor the port continually. While it is running it keeps
all results in a log file, which can then be used to generate a report. Furthermore, it
checks for suspicious port activities. If it finds suspicious activity, it decides how to
act based on the level of seriousness, 1–3 (informing the network administrator in 3
different ways based on seriousness), and keeps running. Otherwise, it makes a decision
based on network traffic. If it determines that the traffic is high, it deactivates itself
and waits until there is less traffic in the network before activating itself to do port
scanning again. The Smart port scanner terminates once the user chooses to terminate
the program. Please see the flow chart below.

Flow chart of Smart Port Scanner


Figure 7 shows design methodology of Smart port scanner
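
The decision step of the flow chart, sketched in C++ as an added example that is not the project's own code. The enum names, the convention that seriousness 0 means nothing suspicious, the 1-65535 port range, and the pause/resume thresholds (with hysteresis, so the scanner does not flap around the peak) are assumptions the report does not specify.

```cpp
#include <string>

// Names and thresholds here are assumptions; the report does not define them.
enum class Action { Reject, Scan, Pause, NotifyLow, NotifyMedium, NotifyHigh };

// Strict dotted-quad check: four decimal octets 0-255, no empty parts,
// no leading zeros, nothing before or after.
bool valid_ipv4(const std::string& s) {
    int octets = 0;
    std::size_t i = 0;
    while (i < s.size()) {
        std::size_t start = i;
        int value = 0;
        while (i < s.size() && s[i] >= '0' && s[i] <= '9') {
            value = value * 10 + (s[i] - '0');
            if (value > 255) return false;
            ++i;
        }
        std::size_t len = i - start;
        if (len == 0 || (len > 1 && s[start] == '0')) return false;
        ++octets;
        if (i == s.size()) break;
        if (s[i] != '.' || octets == 4) return false;
        if (++i == s.size()) return false;  // trailing dot
    }
    return octets == 4;
}

bool valid_port(long port) { return port >= 1 && port <= 65535; }

// Pause/resume gate with hysteresis so the scanner does not flap when
// traffic hovers around the peak threshold (percent link utilisation).
struct TrafficGate {
    int pause_at;    // deactivate at or above this load
    int resume_at;   // reactivate only at or below this lower load
    bool paused;
    TrafficGate(int p, int r) : pause_at(p), resume_at(r), paused(false) {}
    bool update(int traffic_pct) {
        if (!paused && traffic_pct >= pause_at) paused = true;
        else if (paused && traffic_pct <= resume_at) paused = false;
        return paused;
    }
};

// One pass of the flow chart: validate, then suspicious activity
// (seriousness 1-3, 0 = none) takes priority over the traffic decision.
Action next_action(const std::string& ip, long port, int seriousness,
                   int traffic_pct, TrafficGate& gate) {
    if (!valid_ipv4(ip) || !valid_port(port)) return Action::Reject;
    if (seriousness >= 3) return Action::NotifyHigh;
    if (seriousness == 2) return Action::NotifyMedium;
    if (seriousness == 1) return Action::NotifyLow;
    return gate.update(traffic_pct) ? Action::Pause : Action::Scan;
}
```

With a gate of 80/50, traffic that falls from 85% to 60% keeps the scanner paused; it resumes only once the load drops to 50% or below.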

Smart port scanner network scanning for a large group of clients


The Smart port scanner will be able to run from the command line with a command line
configuration file. This is how the Smart port scanner will be able to scan a large
group of clients at once. We will set up a virtual server which will distribute the
Smart port scanner command line file to all clients connected to it. The virtual server
reads an already configured Smart port scanner command line file and sends it to all
clients. This works by implementing a client/server architecture (Cloud based). All of
the clients have the Smart port scanner program installed, and when a client receives
the Smart port scanner command line file it runs the Smart port scanner according to
the configuration in the command line file. The output of the scan can be stored on both
the server and the clients.

Figure 8 shows Smart port scanner can scan large group of clients


Weekly Activity Table


Table 1 shows weekly activities table of smart port scanner research project

Weeks: Week 1, Week 2, Week 3, Week 4, Week 5, Week 6, Week 7, Week 8, Week 9,
Week 10, Week 11, Week 12

Activities:
- Research literature review for individual task
- Conducted literature review extensively on chosen topic
- Review and ensure that literature review is clear and concise
- Working on Introduction of the topic, report overview, abstract
- Ensure that the report template meets the final report requirement
- Specify and identify at least 3 or more research problems
- List project requirements such as hardware, software including detailed specification
- Create table of weekly activities, roles & responsibilities of each team member and
  Gantt chart
- Submit report one, which includes abstract, introduction, section 2, section 3, and
  section 4
- Ensure that project requirements, design, plan are well thought
- Discuss with the lecturer what we have done; this concerns the preliminary design,
  such as the flowchart and explanation
- Presented project detail in flow chart diagram, Gantt chart, and weekly table
  activities and roles & responsibilities of each team member
- Discuss and get feedback from the lecturer regarding what we have done
- Prepare detail of research methods to be used for the next stage of the project
- Submit the complete report two, which concerns section 5
- Continue writing to complete the report within section 6 and section 7
- Discuss section 6 and section 7 with the lecturer to get some feedback
- Ensure that conclusion and limitations are clear and concise, and review all phases
  of the project
- Submit report three, the final report, which covers section 6 and 7
- Presentation of the Complete Project


Research project weekly activity Gantt chart

Figure 9 shows Gantt chart in detail view


Figure 10 shows Gantt chart in timeline view

Role and Responsibilities Table


Name: Surachet Sukkram
Role: Team Member
Responsibilities:
- Research literature review for individual task
- Conducted literature review extensively on chosen topic
- Working on Introduction of the topic, report overview, abstract
- Specify and identify at least 3 research problems
- List project requirements such as hardware, software including detailed specification
- Create table of weekly activities, roles & responsibilities of each team member and
  Gantt chart
- Ensure that project requirements, design, plan are well thought
- Presented project detail in flow chart diagram
- Prepare detail of research methods to be used for the next stage of the project
- Work on implementation part of the project next stage and create table of weekly
  activities, roles & responsibilities of each team member and Gantt chart
- Ensure that conclusion and limitations are clear and concise
- Review all phases of the report and practice of the presentation
- Presentation of the final report

Name: Ageng Hardani
Role: Team Member
Responsibilities:
- Research literature review for individual task
- Conducted literature review extensively on chosen topic
- Ensure that the report template meets the final report requirement
- Specify and identify research problems
- Create table of weekly activities, roles & responsibilities of each team member and
  Gantt chart
- Ensure that project requirements, design, plan are well thought
- Prepare detail of research methods to be used for the next stage of the project
- Work on implementation part of the project next stage and create table of weekly
  activities, roles & responsibilities of each team member and Gantt chart
- Ensure that conclusion and limitations are clear and concise
- Review all phases of the report and practice of the presentation
- Presentation of the final report

Table 2 shows role and responsibilities of team member


Cost and Budget Planning for Develop Port Scanner


The Smart port scanner is a software-based system. The cost can be divided into
two categories: one-time cost and recurring cost. The one-time cost involves software
development and testing. The recurring cost involves running and maintaining the
software. The first one-time cost is the software development tool we use to develop
the Smart port scanner. As mentioned in section four, we chose Microsoft Visual
Studio 2015 as our software development tool. We will be using the Visual Studio 2015
Community version because it is a fully-featured, extensible, free IDE for creating
modern applications. Additionally, it is free of charge. We do not have to pay a
licence fee to use it, which suits the budget well. The free version of Microsoft
Visual Studio 2015 Community can be downloaded from the Microsoft website
https://go.microsoft.com/fwlink/?LinkId=691978&clcid=0x409.
We have developed the cost and budget plan using Microsoft Project, which divides
the process of our software development into five phases. The first phase is
Project Planning and Initiation; in this phase the system analyst gathers all of
the software requirements and performs estimation. The final stage of project
planning and initiation is to get approval and sign-off to start the project. The next
phase is the design process; in this phase the detailed design and documentation
are created. The design is reviewed by the software developer. Then the building
phase starts. In the building phase the software programmer develops the program
components and sub-components, which includes integration testing of the software.
The implementation phase comes after the building phase; it is the phase that puts
the software into the real working environment. Then the testing phase kicks off; it
is the phase that configures and tests the software to make sure that it works
correctly, as it should, in the real working environment.


Figure 12 shows Gantt chart for Cost and Budget Planning of the Smart port scanner


Figure 13 shows network diagram for Cost and Budget Planning of the Smart port
scanner
The recurring cost is the cost of the virtual server. Our project is to implement a
virtual server, and we will use it to distribute the Smart port scanner command line
file to all clients that are connected to it. The Smart port scanner is written in C++,
which allows it to run on multiple platforms. To take advantage of this we selected the
Linode Linux virtual server as our virtual server platform. Linode.com is one of the
leaders in Linux virtual server platforms. The virtual server plan that we are choosing
is Linode 12GB. The cost per month is $80, which is about $.12 per hour. The virtual
server specification includes 12 GB RAM, 6 CPU Cores, 192 GB SSD Storage, 8 TB
Transfer, 40 Gbps Network In, and 1000 Mbps Network Out. We decided to use
Linode because of the flexibility in resizing the account. We can upgrade or downgrade
the account at any time. Pricing of Linode plans can be found at
https://www.linode.com/pricing. Lastly, we then install the Smart port scanner on all
clients, and our proposed system should be up and running in no time.

Description                                       Category    Cost
Software: Microsoft Visual Studio 2015 Community  One time    Free
Software Developing, implementing and testing     One time    $16,300
Linux Virtual Server: Linode.com                  Recurring   $80/Month

Table 3 shows budget to implement the Smart port scanner

Use Case Diagram for the Port Scanner


Based on figure 14, the system administrator enters the specific IP address and port
number in a configuration file and then uploads it to the server. The server distributes
the configuration file to all of the hosts, and each host runs the program automatically
after receiving the configuration file. In the main process, the program continues
scanning while the network traffic is low. If the network traffic is at its peak, it stops
scanning and waits for the network traffic to return to a non-peak time before it
continues scanning.

Figure 14 shows Use Case Diagram for the Smart port scanner


6. Research methods to be used for the next stage of the project

Write how are you going to implement your above project design in
terms of your research method, design of experiment, data collection
method, data analysis method etc
Are there any alternatives to the experimental/investigative model
design? What is the justification of your choice?

7. Conclusion and limitations


Summary of the project, clearly list out the limitation of the simulation
and the project


Glossary and Abbreviations


Appendices
If you have appendices, then include them here, for example

Appendix I: Simulation Source Codes


Appendix II: Detailed proof of theory
Appendix III: Very Long Tables of data
